Over the past two weeks, we saw a new PurpleFox botnet variant that uses WebSockets for C2 communication. In addition, since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization.
For more articles, check out our #onpatrol4malware blog.
New “Yanluowang” Ransomware Variant Discovered
Source: InfoSecurity
Security researchers are warning of a newly discovered ransomware variant currently being used in targeted attacks. Read more.
RANSOMWARE IN A GLOBAL CONTEXT
Source: VIRUSTOTAL
This initiative is designed to help researchers, security practitioners and the general public better understand the nature of ransomware attacks by sharing VirusTotal’s visibility. Read more.
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware
Source: CISA
Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Read more.
New PurpleFox botnet variant uses WebSockets for C2 communication
Source: Bleeping Computer
The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. Read more.
Russian-speaking cybercrime evolution: What changed from 2016 to 2021
Source: Secure List
Experts at Kaspersky give an overview of what kinds of attacks cybercriminals now carry out and what drove this change, including factors such as shifts in the vulnerability market and improvements in browser security. Read more.
PurpleFox Adds New Backdoor That Uses WebSockets
Source: TrendMicro
In September 2021, Trend Micro looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks. Read more.
Necro Python Botnet Goes After Vulnerable VisualTools DVR
Source: Juniper Networks
In the last week of September 2021, Juniper Threat Labs detected new activity from Necro Python (a.k.a. N3Cr0m0rPh, Freakout, Python.IRCBot), which is actively exploiting several services, including through a new exploit added to its arsenal. Read more.
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Source: Mandiant
Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs). Read more.