// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of July 10, 2023
Signal Brief · Archived

Week of July 10, 2023

2023-07-10 — 2023-07-16 · 4 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of July 10, 2023, ColdRecon logged 4 public endpoint-security events from open-source reporting — 2 research pocs, 1 incident, 1 vuln disclosure. Vendors in the record this week: Microsoft, Oreans Technologies.

The Week's Public Record

Events

2023-07-12
research poc
ContainYourself PoC Abuses Windows Containers to Bypass EDRContainYourself
Deep Instinct released a proof-of-concept tool called ContainYourself, presented at DEFCON 31, that abuses the Windows containers isolation framework to bypass endpoint detection and response (EDR) systems. The technique evades file-system-based malware protection, file write restrictions, and ETW-based correlations. The repository includes a static library, a PoC tool, and wiper/ransomware projects.
2023-07-11
incident
Storm-0978 Phishing Campaign Exploits CVE-2023-36884 for Espionage and RansomwareCVE-2023-36884
Microsoft identified a phishing campaign by Russian threat actor Storm-0978 targeting defense and government entities in Europe and North America. The campaign exploited CVE-2023-36884, a remote code execution vulnerability in Microsoft Word, to deliver a backdoor similar to RomCom. The actor also conducts financially motivated ransomware attacks using Underground ransomware, a rebrand of Industrial Spy.
2023-07-11
vuln disclosure
CVE-2023-36874: Windows Error Reporting Elevation of Privilege VulnerabilityCVE-2023-36874
CVE-2023-36874 is a local privilege escalation vulnerability in the Windows Error Reporting (WER) service. An attacker with low-level user access can exploit this flaw to gain SYSTEM privileges, enabling full system compromise. The vulnerability is actively exploited in the wild and listed in CISA's Known Exploited Vulnerabilities catalog.
2023-07-10
research poc
Proof-of-Concept Bypass for Themida 3.x.x CRC Integrity Check via WinAPI HookingThemida-CRC-Bypass
A proof-of-concept demonstrates bypassing Themida 3.x.x's CHECK_CODE_INTEGRITY macro by hooking VirtualAlloc and inducing an access violation to skip the CRC comparison. This technique undermines the anti-tampering protection of software protected by Themida, potentially allowing reverse engineering or modification of protected applications.
Oreans Technologies ↗ github.com (2023-07-10)
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →