Ransomware tops this roundup of InfoSec articles. One of them covers the Netwalker ransomware, which involves malware that is not compiled but written in PowerShell and executed directly in memory, without storing the actual ransomware binary on disk. Read more on Netwalker, other ransomware, and malware below.
For more articles, check out our #onpatrol4malware blog.
The Dacls RAT …now on macOS!
In this blog post, we deconstruct Lazarus' latest macOS creation (a variant of the Dacls RAT), highlighting its install logic, persistence mechanism, and capabilities! We'll also highlight IOCs and generic methods of detection. Read more.
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Since November 2019, we’ve seen the MAZE ransomware being used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. Read more.
COVID-19 – Malware Makes Hay During a Pandemic
Over the last few months of 2020, McAfee researchers have been hard at work to keep customers safe through more directed monitoring and adaptation of our detection stack to better manage the COVID-19 threat landscape. Read more.
Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19, for the past nine to 12 months. Read more.
The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
In light of the Coronavirus lockdowns and subsequent understaffing at many businesses, we were contacted by the customer to help investigate threat alerts in their SentinelOne Console. Read more.
Top 10 Routinely Exploited Vulnerabilities
Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Read more.
RATicate: an attacker’s waves of information-stealing malware
In a series of malspam campaigns dating back to November of 2019, an unidentified group sent out waves of installers that drop remote administration tool (RAT) and information stealing malware on victims’ computers. Read more.
COMpfun authors spoof visa application with HTTP status-based Trojan
The campaign operators retained their focus on diplomatic entities, this time in Europe, and spread the initial dropper as a spoofed visa application. Read more.
ATT&CKing ProLock Ransomware
Source: Group IB
ProLock ransomware emerged in March 2020 as the successor of PwndLocker, which began operating in late 2019 and was responsible for the attack on Illinois’ Lasalle County earlier this year. Read more.
Netwalker Fileless Ransomware Injected via Reflective Loading
Source: Trend Micro
It has been observed that Netwalker ransomware attacks involve malware that is not compiled, but written in PowerShell and executed directly in memory, without storing the actual ransomware binary on disk. Read more.