+1.813.321.0987

Over the past two weeks, we saw The CrowdStrike Falcon OverWatch™ threat hunting team has uncovered a new and highly sophisticated Internet Information Services (IIS) post-exploitation framework that CrowdStrike refers to as IceApple. Also, 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related.

For more articles, check out our #onpatrol4malware blog.

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

Source: Malwarebytes Labs

The downloaded document is in fact decoy for a Remote Access Trojan (RAT) capable of stealing data and executing other malicious commands on a victim’s computer. Read more.

ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK
Understanding the threat to your IIS servers

Source: CrowdStrike

A new and highly sophisticated Internet Information Services (IIS) post-exploitation framework that CrowdStrike refers to as IceApple. Read more.

Operation RestyLink: APT campaign targeting Japanese companies

Source: NTT

NTT SOC observed APT campaign targeting Japanese companies starting from mid of April 2022. In this article, NTT reports a detailed analysis of this campaign and discusses the attributes of the attacking group. Read more.

Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes

Source: Check Point Research

In the past two months, CPR observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. Read more.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

Source: Microsoft 365 Defender Research Team

 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related. Read more.

Vidar distributed through backdoored Windows 11 downloads and abusing Telegram

Source: zscaler

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. Read more.