Wildcard

Threat Actor updated 4 months ago (2024-05-04T16:11:56.708Z)
Threat actor Wildcard is a sophisticated entity known for its malicious activities, including phishing, malware distribution, and other cyber threats. The group employs innovative tactics such as using the /mo parameter to specify the last day of the month and the /m parameter with the wildcard character (*) to indicate that their program runs on the last day of every month. They also utilize evasive strategies such as cloaking harmful content and exploiting wildcard DNS to prevent detection of their campaigns. A wildcard search on the Threat Intelligence API revealed eight domains linked to this group, further emphasizing their extensive threat landscape. The group's operations have exposed several vulnerabilities in popular security configurations. One such vulnerability exists due to an input validation error caused by using the wildcard ("**") as a pattern in a Spring Security configuration with the mvcRequestMatcher. This creates a mismatch in pattern matching between Spring Security and Spring MVC, potentially allowing unauthorized access. Similarly, another flaw was found in the LDAPLoginModule implementation in Apache ActiveMQ 5.x, which allows wildcard operators in usernames, enabling remote attackers to obtain credentials via brute-force attacks. Despite the threats posed by Wildcard, mitigation strategies are available. For instance, Wildcard SSL can authenticate websites and provide full encryption to all subdomains within a single domain, offering a cheaper option than encrypting the subdomains individually. In addition, the processing of wildcard records has changed between BIND 8 and BIND 9, potentially offering more robust protection against such attacks. However, it is crucial for organizations to remain vigilant and proactive in their cybersecurity efforts to counteract the evolving tactics of threat actors like Wildcard.
Description last updated: 2024-03-14T17:25:56.505Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Malware, Domains, DNS
Analyst Notes & Discussion
Source Document References
Information about the Wildcard Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
DARKReading | a month ago | CrowdStrike Will Give Customers Control Over Falcon Sensor Content Updates
CERT-EU | 6 months ago | Which version of BIND do I want to download and install?
CERT-EU | 6 months ago | Tracing Ivanti Zero-Day Exploitation IoCs in the DNS
Unit42 | 7 months ago | ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
CERT-EU | a year ago | Multiple vulnerabilities in Red Hat Integration Camel for Spring Boot
CERT-EU | a year ago | 7 Effective Tips To Ensure Landing Page Security - Business Computing World
CERT-EU | a year ago | Certificate Authorities: What They Are & Why They're Important
CERT-EU | a year ago | Input validation error in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
CERT-EU | 10 months ago | Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
Unit42 | a year ago | Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus
CERT-EU | a year ago | Charming Kitten Updates POWERSTAR with an InterPlanetary Twist
MITRE | 2 years ago | FIN8 is Back in Business, Targeting the Hospitality Industry
CERT-EU | 10 months ago | How to Assign User Privileges in Heimdal [It's Easy]
CERT-EU | 10 months ago | Assigning User Privileges in Heimdal [It's Easy]
CERT-EU | a year ago | VuXML: curl -- multiple vulnerabilities
CERT-EU | a year ago | Multiple vulnerabilities in Red Hat Virtualization Manager 4.4
MITRE | 2 years ago | Dir
CERT-EU | 2 years ago | SIU student cybersecurity team among top in the Midwest | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security Consulting
MITRE | 2 years ago | Schtasks
CERT-EU | a year ago | RedHat: RHSA-2023-2100:01 Important: Red Hat Integration Camel for ...