Ransomware tops this roundup of InfoSec articles. One of them covers the Netwalker ransomware, which involves malware that is not compiled but written in PowerShell and executed directly in memory, without ever storing the actual ransomware binary on disk. Read more on Netwalker, other ransomware, and malware below.

For more articles, check out our #onpatrol4malware blog.

The Dacls RAT …now on macOS!

Source: Objective-See

In this blog post, we deconstruct Lazarus’ latest macOS creation (a variant of the Dacls RAT), highlighting its install logic, persistence mechanism, and capabilities! We’ll also highlight IOCs and generic methods of detection. Read more.

Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents

Source: FireEye

Since November 2019, we’ve seen the MAZE ransomware being used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. Read more.

COVID-19 – Malware Makes Hay During a Pandemic

Source: McAfee

Over the first few months of 2020, McAfee researchers have been hard at work to keep customers safe through more directed monitoring and adaptation of our detection stack, to better manage the COVID-19 threat landscape. Read more.

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

Source: Talos

Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19, for the past nine to 12 months. Read more.

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration

Source: SentinelLABS

In light of the Coronavirus lockdowns and subsequent understaffing at many businesses, we were contacted by the customer to help investigate threat alerts in their SentinelOne Console. Read more.

Top 10 Routinely Exploited Vulnerabilities

Source: CISA

Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Read more.

RATicate: an attacker’s waves of information-stealing malware

Source: Sophos

In a series of malspam campaigns dating back to November of 2019, an unidentified group sent out waves of installers that drop remote administration tool (RAT) and information stealing malware on victims’ computers. Read more.

COMpfun authors spoof visa application with HTTP status-based Trojan

Source: SecureList

The campaign operators retained their focus on diplomatic entities, this time in Europe, and spread the initial dropper as a spoofed visa application. Read more.

ATT&CKing ProLock Ransomware

Source: Group IB

ProLock ransomware emerged in March 2020 as the successor of PwndLocker, which began operating in late 2019 and was responsible for the attack on Illinois’ Lasalle County earlier this year. Read more.

Netwalker Fileless Ransomware Injected via Reflective Loading

Source: Trend Micro

It has been observed that Netwalker ransomware attacks involve malware that is not compiled, but written in PowerShell and executed directly in memory, without storing the actual ransomware binary on disk. Read more.