Over the past two weeks, we saw that the CrowdStrike Falcon OverWatch threat hunting team uncovered a new and highly sophisticated Internet Information Services (IIS) post-exploitation framework that CrowdStrike refers to as IceApple. We also saw a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related.
For more articles, check out our #onpatrol4malware blog.
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Source: Malwarebytes Labs
The downloaded document is in fact a decoy for a Remote Access Trojan (RAT) capable of stealing data and executing other malicious commands on a victim's computer. Read more.
IceApple: A novel Internet Information Services (IIS) post-exploitation framework
Source: CrowdStrike
The CrowdStrike Falcon OverWatch threat hunting team uncovered a new and highly sophisticated Internet Information Services (IIS) post-exploitation framework that CrowdStrike refers to as IceApple. Read more.
Operation RestyLink: APT campaign targeting Japanese companies
Source: NTT
NTT SOC observed an APT campaign targeting Japanese companies starting in mid-April 2022. In this article, NTT reports a detailed analysis of the campaign and discusses the attributes of the attacking group. Read more.
Twisted Panda: Chinese APT espionage operation against Russia's state-owned defense institutes
Source: Check Point Research
In the past two months, CPR observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. Read more.
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
Source: Microsoft 365 Defender Research Team
Microsoft observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related. Read more.
Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
Source: Zscaler
In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. Read more.