Over the past two weeks, we saw “FritzFrog”, a peer-to-peer (P2P) botnet: its command and control is not tied to a single, centralized server but can be issued from any machine in its distributed network. In addition, Qualys Threat Research has identified a new Lazarus campaign using employment-themed phishing lures targeting the defense sector; the identified variants target job applicants for Lockheed Martin.
For more articles, check out our #onpatrol4malware blog.
FritzFrog: P2P Botnet Hops Back on the Scene
Source: Akamai
FritzFrog is a peer-to-peer botnet: its command and control is not tied to a single, centralized server but can be issued from any machine in its distributed network. Read more.
Modified Elephant APT And A Decade Of Fabricating Evidence
Source: Sentinel LABS
SentinelLabs published research into the operations of a Turkish-nexus threat actor we called EGoManiac, drawing attention to their practice of planting incriminating evidence on the systems of journalists to justify arrests by the Turkish National Police. Read more.
LolZarus: Lazarus Group Incorporating Lolbins into Campaigns
Source: Qualys Community
Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin. Read more.
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
Source: ASEC
On January 26th, 2022, the ASEC analysis team discovered that the Kimsuky group was using the xRAT malware (an open-source RAT based on Quasar RAT). Read more.
PrivateLoader: The first step in many malware schemes
Source: Intel471
This report focuses on PrivateLoader, a modular downloader written in C++ that is connected to an unidentified pay-per-install (PPI) service. Read more.
Roaming Mantis reaches Europe
Source: SecureList by Kaspersky
Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. Kaspersky has been tracking Roaming Mantis since 2018 and published five more blog posts about this campaign. Read more.
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
Source: CISA
The FBI has released a Flash report detailing IOCs associated with attacks using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation. Read more.