One of the malware types commonly reported nowadays is the Remote Access Trojan (RAT), such as LodaRAT. Written in AutoIt, LodaRAT has not only abandoned its usual obfuscation techniques, but several of its functions have also been rewritten and new functionality has been added. Learn more about this malware and more in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
RampantKitten: An Iranian Surveillance Operation unraveled
Source: Checkpoint
Check Point Research has unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. Read more.
New Snort, ClamAV coverage strikes back against Cobalt Strike
Source: Cisco Talos
Cisco Talos recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfuscation and exfiltration of data via Cobalt Strike, a common toolkit often used by adversaries. Read more.
LokiBot Malware
Source: CISA
LokiBot—also known as Lokibot, Loki PWS, and Loki-bot—employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials. Read more.
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
Source: Quointelligence
The malware used in the APT28 campaign attack was the Zebrocy Delphi version. All the artifacts had very low Anti-Virus (AV) detection rates on VirusTotal when they were first submitted. Read more.
Threat landscape for industrial automation systems. H1 2020
Source: Kaspersky
Kaspersky has observed a downward trend in the percentage of attacked computers, both in ICS environments and in corporate and personal environments. Read more.
Federal Agency Compromised by Malicious Cyber Actor
Source: CISA
In coordination with the affected agency, CISA conducted an incident response engagement, confirming malicious activity. The following information is derived exclusively from the incident response engagement. Read more.
Microsoft Security — detecting empires in the cloud
Source: Microsoft
MSTIC observed the evolution of GADOLINIUM using cloud services and open source tools to enhance weaponization of their malware payload, attempt to gain command and control all the way to the server, and to obfuscate detection. Read more.
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
Source: Amnesty
This report provides technical information on these recent FinSpy samples in order to aid the cybersecurity research community in further investigations. Read more.
LodaRAT Update: Alive and Well
Source: Cisco Talos
LodaRAT, a remote access trojan written in AutoIt, has not only abandoned its usual obfuscation techniques, but several of its functions have also been rewritten and new functionality has been added. Read more.
No Rest for the Wicked: Evilnum Unleashes Pyvil Rat
Source: Cybereason
Evilnum’s operations appear to be highly targeted, with a focus on the FinTech market, by way of abusing Know Your Customer (KYC) documents, which contain information provided by clients when business is undertaken. Read more.
MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA
Source: CISA
The malware variant, known as SlothfulMedia, has been used by a sophisticated cyber actor. CISA and CNMF are distributing this MAR to enable network defense and reduce exposure to malicious activity. Read more.