Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2018-07-18 | 26 | How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners | Mandiant | ||
| Details | Website | 2018-07-16 | 19 | Magniber ransomware improves, expands within Asia | Malwarebytes Labs | ||
| Details | Website | 2018-06-09 | 1 | Drive-by downloads: exploiting cross-site scripting vulnerabilities - Privacy PC | ||
| Details | Website | 2018-06-09 | 79 | Ransomware Chronicle 2016 - Privacy PC | ||
| Details | Website | 2018-05-31 | 12 | Rig Abuses CVE-2018-8174 to Deliver Monero Miner | ||
| Details | Website | 2018-05-15 | 12 | April’s Most Wanted Malware: Cryptomining Malware Targeting Unpatched Server Vulnerabilities, says Check Point - Check Point Software | ||
| Details | Website | 2018-05-14 | 5 | April’s Most Wanted Malware: Cryptomining Malware Targeting Unpatched Server Vulnerabilities - Check Point Software | ||
| Details | Website | 2018-05-10 | 1 | How ransomware attacks have changed one year after Wannacry and NotPetya | ||
| Details | Website | 2018-05-08 | 22 | Tech support scam uses fake Shoppers Stop site to lure thousands | Malwarebytes Labs | ||
| Details | Website | 2018-04-25 | 1 | Prevent Cyber Attacks Through a Lesson in Ransomware Anatomy | ||
| Details | Website | 2018-04-10 | 34 | 'FakeUpdates' campaign leverages multiple website platforms | Malwarebytes Labs | ||
| Details | Website | 2018-03-29 | 3 | Exploit kits: Winter 2018 review | Malwarebytes Labs | ||
| Details | Website | 2018-03-28 | 10 | Malware numbers 2017 | ||
| Details | Website | 2018-03-27 | 21 | Panda Banker Zeros in on Japanese Targets | NETSCOUT | ||
| Details | Website | 2018-03-22 | 1 | Samsam Ransomware hits City of Atlanta IT Systems | ||
| Details | Website | 2018-03-21 | 29 | Fobos Malvertising Campaign Delivers Bunitu Proxy Trojan via RIG EK | ||
| Details | Website | 2018-03-13 | 7 | Drive-by as a service: BlackTDS | Proofpoint US | ||
| Details | Website | 2018-03-07 | 31 | HookAds Campaign Is Back And Using RIG EK to Deliver Bunitu Proxy Trojan | ||
| Details | Website | 2018-03-05 | 10 | Zirconium was one step ahead of Chrome’s redirect blocker with 0-day | ||
| Details | Website | 2018-02-28 | 33 | RIG malvertising campaign uses cryptocurrency theme as decoy | Malwarebytes Labs | ||
| Details | Website | 2018-02-26 | 56 | Seamless Campaign Uses RIG EK to Deliver More Ramnit | ||
| Details | Website | 2018-02-26 | 6 | The state of malicious cryptomining | Malwarebytes Labs | ||
| Details | Website | 2018-02-12 | 28 | Drive-by cryptomining campaign targets millions of Android users | Malwarebytes Labs | ||
| Details | Website | 2018-02-02 | 1 | Ransomware's difficult second album | Malwarebytes Labs | ||
| Details | Website | 2018-01-30 | 53 | GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated) | Malwarebytes Labs |