Over the last two weeks, we saw ten families of malicious samples spreading using the Log4j2 vulnerability. NetLab published a blog disclosing Mirai and Muhstik botnet samples propagating through the Log4j2 RCE vulnerability. You will also find here the Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild.
For more articles, check out our #onpatrol4malware blog.
Ransomware playbook ITSM.00.099
Source: Government of Canada
Ransomware is a type of malware that denies a user’s access to a system or data until a sum of money is paid. It is a serious and evolving threat to Canadians. The impact of ransomware can be devastating to organizations. Read more.
Ten families of malicious samples are spreading using the Log4j2 vulnerability Now
Source: NetLab
On December 11, 2021, at 8:00 pm, NetLab published a blog disclosing Mirai and Muhstik botnet samples propagating through the Log4j2 RCE vulnerability[1]. Read more.
When old friends meet again: why Emotet chose Trickbot for rebirth
Source: Check Point Research
Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Check Point Research observed Trickbot’s activities after the takedown operation. Read more.
Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild
Source: Bitdefender
On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score). Read more.
APT31 INTRUSION SET CAMPAIGN
Source: ANSSI
In January 2021, ANSSI was informed of a large campaign of attacks against French entities linked to the APT31 intrusion set. The investigations carried out by ANSSI led to the analysis of the intrusion set’s entire chain of infection. Read more.
ALPHV BlackCat – This year’s most sophisticated ransomware
Source: BleepingComputer
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments. Read more.
Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions
Source: Check Point Research
CPR spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping, and ransomware spread. Read more.