Half of 2020 is here, and malware such as Mylobot, ComRAT, and the like have also upgraded their game. Mylobot has the ability to download and execute any type of payload after it infects a host. Learn more in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.


From Agent.BTZ to ComRAT v4: A ten‑year journey

Source: WeLiveSecurity

ESET researchers have found a new version of one of the oldest malware families run by the Turla group. Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control. Read more.


Introducing Blue Mockingbird

Source: Red Canary

Blue Mockingbird is the name given to a cluster of similar activity observed to involve Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. Read more.


Shifts in Underground Markets: Past, Present, and Future

Source: Trend Micro

This research paper presents a wide-ranging view of dark web marketplaces and underground cybercriminal forums. It delves into notable trends and market movements within these selling environments. Read more.


LDAPt Your DNS Configuration to Prevent Internal Domain Leakages

Source: Team Cymru

One of the ways in which potentially sensitive detail can be leaked is via DNS queries for resources that are expected to only exist internally. Read more.


IcedID: When ice burns through bank accounts

Source: Group IB

The Group-IB Threat Intelligence team published an article about IcedID in August 2018, but the malware has since learned new tricks, including using steganography to hide configuration data in the file system and in network traffic. Read more.


Mylobot Continues Global Infections

Source: CenturyLink

The Mylobot botnet is a sophisticated malware family that is categorized as a downloader. What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host. Read more.


In-depth analysis of the new Team9 malware family

Source: Fox It

Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar [1]’) appears to be new malware being developed by the group behind Trickbot. Read more.


The Octopus Scanner Malware: Attacking the open source supply chain

Source: SecurityLab

On March 9, a security researcher reported a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. Read more.


Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman

Source: Security Affairs

The REvil/Sodinokibi ransomware operators have leaked the files allegedly stolen from the UK power grid middleman Elexon. Read more.


Ransomware locks down the Nipissing First Nation

Source: Bleeping Computer

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications. Read more.


Network Perimeters in the Age of Social Distancing

Source: Team Cymru

One concept we’ve all become familiar with recently is “Social Distancing”. The CDC [1] describes this as “physical distancing”, meaning keeping space between yourself and other people outside of your home. Read more.