Cyware Daily Threat Intelligence November 15, 2018

Top Malware Reported in the Last 24 Hours

Mylobot, a sophisticated downloader capable of downloading any kind of malicious payload, has been spotted delivering the Khalesi malware. The botnet uses sophisticated anti-analysis techniques, such as staying hidden for 14 days before connecting to the C2. Around 18,000 unique IP addresses, originating from Iraq, Iran, Argentina, China, India, Saudi Arabia, Chile, Russia, Vietnam, and Egypt, were found communicating with Mylobot's C2 servers.

A new sophisticated malware campaign has been discovered targeting Spain and France. The malware, dubbed DarkGate, is being distributed via Torrent files and is targeting Windows systems. DarkGate comes packed with several functionalities. It is capable of cryptomining, data-stealing and remotely controlling targeted systems. DarkGate also has a ransomware component. The password-stealing component of the malware uses NirSoft tools to access user credentials, browser cookies, browser history, and Skype chats. The malware is believed to be closely related to the password-stealer Golroted.

Top Breaches Reported in the Last 24 Hours

New Jersey-based charity Kars4Kids accidentally leaked the personally identifiable information (PII) of over 21,000 customers and donors. The breach was caused by an unsecured MongoDB server, which contained information such as super admin credentials, usernames, passwords and more. A ransom note was also discovered within the unsecured database. It is still unclear whether malicious threat actors downloaded the entire Kars4Kids’ database or not, but the fact that a ransom note was left is a strong indicator that something nefarious took place.

Medical breach
The Southwest Washington Regional Surgery Center in Vancouver suffered a data breach that may have exposed personal information of 2,393 patients. Cybercriminals may have accessed patients’ names, Social Security numbers, driver’s license numbers, and medical information. The exposed medical information could potentially include diagnosis, treatment, surgery, medications, lab tests, health insurance information, and credit card numbers.


Posted on: November 15, 2018
