Cyware Daily Threat Intelligence February 26, 2018

Data Keeper ransomware
A new ransomware, dubbed Data Keeper, has been discovered by security researchers in the wild. The ransomware is generated by a new Ransomware-as-a-Service (RaaS) service and is coded in .NET. The authors of Data Keeper are encouraging users to generate ransomware samples and distribute them to victims, with the promise of receiving a share of the ransom fee.

Avzhan DDoS
The Avzhan DDoS, initially discovered in 2010, made a comeback via a Chinese drive-by-attack. The most important capabilities of the bot are the different DDoS attacks that can be carried out remotely on any target. Few additions have been made to the malware to increase obfuscation capabilities.

OopsIE Trojan
OilRig threat actors are running a campaign which involves sending spoofed emails containing a malicious Microsoft document aka ThreeDollars--in order to spread the OopsIE Trojan. The threat group is adopting these new techniques to evade identification. Flash vulnerability
A new malspam campaign has been discovered using malicious word documents to exploit the latest Flash vulnerability (CVE-2018-4878). The critical vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions. Adobe has already released a patch for the bug.

Critical vulnerabilities in Drupal
Multiple vulnerabilities discovered in Drupal 7 and 8 have been patched. One moderately critical flaw is an access bypass issue that can allow users to view or download files on the private file system. The second flaw in Drupal 7 is a jQuery cross-site scripting vulnerability which occurs when Ajax requests.