There have been a lot of RATs as well as botnets lately, such as HEH. The HEH botnet spreads by brute-forcing the Telnet service on ports 23/2323. The bot does not really care what the end device is: as long as it can get into the device, it will try its luck at infecting the target. Learn about HEH and other botnets and RATs in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities

Source: Netlab

The 360Netlab Anglerfish system has successively observed attackers using two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai code. Read more.

PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

Source: Cisco Talos

The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. Read more.

Release the Kraken: Fileless injection into Windows Error Reporting service

Source: Malwarebytes Labs

On September 17th, Malwarebytes discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. Read more.

HEH, a new IoT P2P Botnet going after weak telnet services

Source: Netlab

The HEH botnet spreads by brute-forcing the Telnet service on ports 23/2323. The bot does not really care what the end device is: as long as it can get into the device, it will try its luck at infecting the target. Read more.

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

Source: SecureList

Initially, the reason for the interest in this malware was its rarity, the obviously targeted nature of the campaign, and the fact that there are no obvious similarities with already known campaigns at the level of code, infrastructure, or TTPs. Read more.

Sophisticated new Android malware marks the latest evolution of mobile ransomware

Source: Microsoft

Microsoft’s mobile threat defense capabilities further enrich the visibility that organizations have on threats in their networks, as well as provide more tools to detect and respond to threats across domains and across platforms. Read more.

Phishing emails lure victims with inside info on Trump’s health

Source: Bleeping Computer

With the United States 2020 Presidential elections being hyper-partisan, people from different sides of the aisle have become obsessed with Trump’s health for various reasons. Read more.

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Source: Krebs on Security

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. Read more.

TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent

Source: ZDNet

Microsoft successfully argued in court against the use of Windows SDKs inside malware code, a precedent it would be able to use again and again in future botnet crackdowns. Read more.

FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group

Source: Security Week

FIN11 is a new designation for a financially motivated threat actor that may previously have been obscured within the activity set and group usually referred to as TA505. Although there are similarities and overlaps in the TTPs of both groups, researchers have discovered enough differences to separate the groups. Read more.