BLOG CERT SOGETI ESEC

Briefing Malware - 20/12/2021

20th of December 2021 - Winners of the 51st week: Redline, NjRAT and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 20/12/2021

Distribution: TLP : WHITE

What's new?

Orcus (NC)

Orcus RAT is now downloaded through Log4Shell to drop Khonsari Ransomware

#Orcus, previously known as #Schnorchel, is a Remote Access Trojan (#RAT) that enables remote control of infected systems. The malware can grab screenshots and record user input. It is also able to detect whether it has been launched in a virtual machine. This malware often disguises itself as a cheat code or crack, so it is mostly delivered to a system as an archive file containing the compressed executable, and it often relies on the #.NET infrastructure available in Windows. #Orcus RAT commonly makes its way into target machines as a downloadable attachment in malicious spam emails. Campaigns are often highly targeted and aim at organizations rather than at individuals. Among the threats delivered using #Log4Shell exploits, a new ransomware family was found by #Bitdefender: #Khonsari. Initially, the attackers used a simple Java class file named “Main.class” as a downloader to spread the ransomware. Two days after #Khonsari was first spotted, on December 13th, the attackers changed the “Main.class” file to deliver #Orcus RAT.


https://www.netskope.com/blog/khonsari-new-ransomware-delivered-through-log4shell
