Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 31/05/2022

31st of May 2022 - Winners of the 22nd week: Redline, AgentTesla and FormBook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date:

29/06/2022

Distribution:

TLP: WHITE

What's new?

Redline (NC)

NEW SYK CRYPTER DISTRIBUTED VIA DISCORD

The #Morphisec Threat Labs team released a report on a currently active and popular attack chain that uses a new crypter, SYK.

Starting from a phishing e-mail with a common subject such as "New order", this attack uses the content delivery network of #Discord to download the next stage, then assembles the #.NET crypter, named SYK after the name of its decryptor resource. The final stage delivers the malware, which can be #AsyncRAT, #njRAT, #QuasarRAT, #WarzoneRAT, #NanoCoreRAT or #RedLine. In addition to the crypter mechanism, it also includes an anti-debugging function and a persistence function to evade antivirus detection.

This type of attack chain is a response to the widespread use of signature-based detection tools.

https://blog.morphisec.com/syk-crypter-discord
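As an added defender-side illustration (not code from the Morphisec report or from this blog), the following Python scans constructed web proxy log lines for downloads of executable-like attachments from the Discord CDN, the next-stage delivery channel described above. The log line format, the sample lines and the extension list are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not taken from the Morphisec report).
# Assumed format: "<timestamp> <client_ip> <method> <url> <status> <content_type>"
SAMPLE_LOG = """\
2022-05-31T09:12:01Z 10.0.0.21 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.pdf 200 application/pdf
2022-05-31T09:12:44Z 10.0.0.21 GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/order_details.exe 200 application/octet-stream
2022-05-31T09:13:02Z 10.0.0.35 GET https://cdn.discordapp.com/attachments/444444444444444444/555555555555555555/stage2.bin 200 application/octet-stream
2022-05-31T09:14:10Z 10.0.0.35 GET https://www.example.com/index.html 200 text/html
"""

DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}
# Assumed extension list: file types commonly seen as downloaded stages or droppers.
SUSPICIOUS_EXTENSIONS = {".exe", ".dll", ".scr", ".bin", ".ps1", ".vbs", ".js", ".bat", ".jar"}
BINARY_CONTENT_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def is_discord_attachment(url):
    """True if the URL points at a Discord CDN attachment path."""
    parsed = urlparse(url)
    return parsed.hostname in DISCORD_CDN_HOSTS and parsed.path.startswith("/attachments/")

def flag_discord_cdn_downloads(log_text):
    """Return (timestamp, client_ip, url, reason) for each suspicious Discord CDN download."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, status, ctype = m.groups()
        if status != "200" or not is_discord_attachment(url):
            continue
        filename = urlparse(url).path.rsplit("/", 1)[-1].lower()
        ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
        reasons = []
        if ext in SUSPICIOUS_EXTENSIONS:
            reasons.append(f"executable-like extension {ext}")
        if ctype in BINARY_CONTENT_TYPES:
            reasons.append(f"binary content type {ctype}")
        if reasons:
            hits.append((ts, client, url, "; ".join(reasons)))
    return hits

if __name__ == "__main__":
    for hit in flag_discord_cdn_downloads(SAMPLE_LOG):
        print(*hit)
```

A benign PDF attachment from the same CDN is not flagged, so the rule keys on what was fetched rather than on Discord traffic alone.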


Download the report