We are halfway through 2020, and malware families such as Mylobot, ComRAT, and the like have upgraded their game. Mylobot can download and execute any type of payload after it infects a host. Learn more in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
From Agent.BTZ to ComRAT v4: A ten-year journey
ESET researchers have found a new version of one of the oldest malware families run by the Turla group. Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control. Read more.
Introducing Blue Mockingbird
Source: Red Canary
Blue Mockingbird is the name given to a cluster of similar activity observed to involve Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. Read more.
Shifts in Underground Markets: Past, Present, and Future
Source: Trend Micro
This research paper presents a wide-ranging view of dark web marketplaces and underground cybercriminal forums. It delves into notable trends and market movements within these selling environments. Read more.
LDAPt Your DNS Configuration to Prevent Internal Domain Leakages
Source: Team Cymru
One of the ways in which potentially sensitive detail can be leaked is via DNS queries for resources that are expected to only exist internally. Read more.
IcedID: When ice burns through bank accounts
Source: Group-IB
Group-IB Threat Intelligence team published an article about IcedID in August 2018, but it has since learned new tricks, including using steganography to hide configuration data in the file system and network traffic. Read more.
Mylobot Continues Global Infections
Mylobot botnet is a sophisticated malware family that is categorized as a downloader. What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host. Read more.
In-depth analysis of the new Team9 malware family
Source: Fox-IT
Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar’) appears to be a new malware being developed by the group behind Trickbot. Read more.
The Octopus Scanner Malware: Attacking the open source supply chain
On March 9, a security researcher reported a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. Read more.
Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman
Source: Security Affairs
The REvil/Sodinokibi ransomware operators have leaked the files allegedly stolen from the UK power grid middleman Elexon. Read more.
Ransomware locks down the Nipissing First Nation
Source: Bleeping Computer
The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications. Read more.
Network Perimeters in the Age of Social Distancing
Source: Team Cymru
One concept we’ve all become familiar with recently is “Social Distancing”. The CDC describes this as “physical distancing”, meaning keeping space between yourself and other people outside of your home. Read more.