Related Families: SOVA
Verticals Targeted: Financial, Cryptocurrency
Recent Posts
Related Families: CryLock
Verticals Targeted: Manufacturing, Finance, Construction, Agriculture, Marketing, Technology
Related Families: Pandora
Executive Summary
Sentinel One recently reported on CatB ransomware. CatB, also known as CatB99 or Baxtoy, was first seen in the wild in late 2022.
Related Families: Custom Python tools, AveMaria, Warzone RAT, LodaRAT, Stink
Verticals Targeted: Energy, Government, Healthcare
Executive Summary
YoroTrooper is a threat actor group observed targeting energy and government entities and an EU healthcare organization. Although YoroTrooper uses commodity and open-source tools, most of their final payloads are custom developed.
Related Families: LockBit, LockBit 3.0
Verticals Targeted: Multiple
Executive Summary
CYFIRMA recently reported on Exfiltrator-22, also known as EX-22, a new post-exploitation framework capable of spreading ransomware while evading detection.
Key Takeaways
- Exfiltrator-22, also known as EX-22, is a new post-exploitation framework capable of spreading ransomware while evading detection.
- Exfiltrator-22, which is a framework-as-a-service, is designed to primarily target corporate networks.
- Analysts at CYFIRMA have linked Exfiltrator-22 to former LockBit 3.0 affiliates.
Verticals Targeted: media, entertainment
Executive Summary
Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware.
Verticals Targeted: Gambling
Executive Summary
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Executive Summary
BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It leverages CVE-2022-21894 to bypass UEFI Secure Boot.