Executive Summary
Cyble recently reported on the resurgence of Cerber2021 ransomware, which targets both Windows and Linux systems.
Key Takeaways
Cerber2021 Targets Windows and Linux
Jun 30, 2022 10:18:47 AM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Cerber, CerberImposter, CVE-2022-26134, Cerber2021
PingPull Targets Telecom, Government, and Financial Verticals
Jun 27, 2022 12:56:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Financial, Government, Telecommunications, PingPull, Gallium
Executive Summary
Palo Alto’s Unit42 recently reported on PingPull, a RAT used by the Gallium threat actor group to target entities in the telecommunications, government, and financial verticals.
Lyceum .NET DNS Backdoor “DnsSystem”
Jun 24, 2022 11:22:18 AM / by PolySwarm Tech Team posted in Threat Bulletin, Lyceum, Hexane, Siamese Kitten, DnsSystem, .NET DNS Backdoor
Executive Summary
Zscaler recently reported on a new .NET DNS backdoor “DnsSystem” used by the threat actor group known as Lyceum. It is primarily used to target entities in the Middle East.
Symbiote Linux Malware
Jun 20, 2022 9:01:49 AM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Symbiote
Executive Summary
Intezer and BlackBerry recently reported on Symbiote, a difficult to detect Linux malware that relies on existing running processes to infect a system.
Pymafka Targets macOS, Windows, Linux
Jun 17, 2022 11:17:39 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike
Executive Summary
Sonatype recently reported on Pymakfa, a malicious Python package in the PyPl registry dropping Cobalt Strike on macOS, Windows, and Linux.
Enemybot IoT Malware
Jun 13, 2022 12:47:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Linux, Enemybot, CMS
Executive Summary
AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.
Key Takeaways
Follina MSDT Vulnerability (CVE-2022-30190)
Jun 6, 2022 10:54:53 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Follina, CVE-2022-30190, MS Office, MSDT
Background
Microsoft recently published an advisory on a newly identified zero-day vulnerability that affects Microsoft Support Diagnostic Tool (MSDT). CVE-2022-30190, which is being exploited in the wild, has been dubbed Follina by industry researcher Kevin Beaumont.
New ArguePatch Variant Spotted
May 31, 2022 12:03:49 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, CaddyWiper, Industroyer2, Sandworm, Voodoobear, ArguePatch
Background
ESET recently tweeted about a new version of ArguePatch, a malware loader used by VooDoo Bear (Sandworm) in multiple attacks against Ukrainian assets. ESET also gave an overview of the new version of ArguePatch on their WeLiveSecurity blog.