There have been a lot of RATs and botnets lately, such as HEH. The HEH botnet spreads by brute-forcing the Telnet service on ports 23/2323. The bot does not really care what the end devices are; as long as it can get into a device, it will try its luck at infecting the target. Learn about HEH and other botnets and RATs in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities
The 360Netlab Anglerfish system has observed an attacker using two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai code. Read more.
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
Source: Cisco Talos
The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. Read more.
Release the Kraken: Fileless injection into Windows Error Reporting service
Source: Malwarebytes Labs
On September 17th, Malwarebytes discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. Read more.
HEH, a new IoT P2P Botnet going after weak telnet services
The HEH botnet spreads by brute-forcing the Telnet service on ports 23/2323. The bot does not really care what the end devices are; as long as it can get into a device, it will try its luck at infecting the target. Read more.
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
Initially, the reason for the interest in this malware was its rarity, the obviously targeted nature of the campaign, and the fact that there are no obvious similarities with already known campaigns at the level of code, infrastructure, or TTPs. Read more.
Sophisticated new Android malware marks the latest evolution of mobile ransomware
Microsoft’s mobile threat defense capabilities further enrich the visibility that organizations have on threats in their networks, as well as provide more tools to detect and respond to threats across domains and across platforms. Read more.
Phishing emails lure victims with inside info on Trump’s health
Source: Bleeping Computer
With the United States 2020 Presidential elections being hyper-partisan, people from different sides of the aisle have become obsessed with Trump’s health for various reasons. Read more.
Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
Source: Krebs on Security
Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. Read more.
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent
Microsoft successfully argued in court against the use of Windows SDKs inside malware code, a precedent it would be able to use again and again in future botnet crackdowns. Read more.
FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group
Source: Security Week
FIN11 is a new designation for a financially motivated threat actor that may previously have been obscured within the activity set and group usually referred to as TA505. Although there are similarities and overlaps in the TTPs of both groups, researchers have discovered enough differences to separate the groups. Read more.