Crowdstrike

Mirai Malware for Linux Double Down on Stronger Chips

Popular for compromising internet-connected devices and conducting distributed denial of service (DDoS) attacks, Mirai malware variants have been known to compromise devices that run on Linux builds.

How eCriminals Monetize Ransomware

Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.

Compromised Docker Honeypots Used For Pro-Ukrainian DoS Attack

There may be a risk of retaliatory activity by threat actors supporting the Russian Federation against organizations whose infrastructure is being leveraged to unwittingly conduct disruptive attacks against government, military, and civilian websites.

OverWatch Uncovers Ongoing NIGHT SPIDER Zloader Campaign

The initial installers masqueraded as legitimate installers, but the programs were also packaged with malicious scripts and payloads that perform automated reconnaissance and download the Zloader trojan and, in some cases, Cobalt Strike.

PROPHET SPIDER Exploits Citrix ShareFile Vulnerability to Deliver Webshell

At the start of 2022, CrowdStrike found PROPHET SPIDER exploiting the CVE-2021-22941 vulnerability impacting Citrix ShareFile Storage Zones Controller to compromise a Microsoft IIS web server.

How to Decrypt the PartyTicket Ransomware Targeting Ukraine

Analysis of the ransomware indicates it superficially encrypts files and does not properly initialize the encryption key, making the encrypted file with the .encryptedJB extension recoverable.

Kubernetes Container Escape Using Linux Kernel Exploit

A Seccomp profile protects Linux namespace boundaries, but Kubernetes by default doesn’t apply any Seccomp or AppArmor/SELinux profile restrictions when a pod is scheduled to run.

An Analysis of Novel Tactics and Techniques Used in StellarParticle Campaign

StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).

TellYouThePass Ransomware Analysis Reveals Modern Reinterpretation Using Golang

TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. The popularity of Golang among malware developers makes cross-platform development more accessible.

How DoppelPaymer Hunts & Kills Windows Processes

DoppelPaymer hijacks ProcessHacker and exploits KProcessHacker to kill a list of processes, including both antivirus (AV) and endpoint detection and response (EDR) applications.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
