
Daily NCSC-FI news followup 2020-05-15

QNodeService: Node.js Trojan Spread via Covid-19 Lure

blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/ We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed QNodeService.

Tropic Trooper's Back: USBferry Attack Targets Air-gapped Environments

blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/ We found that Tropic Trooper's latest activities center on targeting Taiwanese and the Philippine military's physically isolated networks through a USBferry attack (the name derived from a sample found in related research). We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.

RATicate: an attacker's waves of information-stealing malware

news.sophos.com/en-us/2020/05/14/raticate/ We've identified five separate campaigns between November 2019 and January 2020 in which the payloads used similar packing code and pointed to the same command and control (C&C) infrastructure. The campaigns targeted industrial companies in Europe, the Middle East, and the Republic of Korea. This leads us to believe that they are all the work of the same actors, a group we've dubbed RATicate.

Hashes in PowerShell

isc.sans.edu/forums/diary/Hashes+in+PowerShell/26128/ As a follow up to yesterday’s how-to, I thought hashing might be a thing to cover. We use hashes all the time, but it’s annoying that md5sum, sha1sum and sha256sum aren’t part of the Windows command set – or are they?
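As an added illustration of the point the diary raises (this is example code written for this digest, not the SANS diary's own script), the built-in Get-FileHash cmdlet covers the md5sum/sha1sum/sha256sum use cases on Windows. The two helper functions, the sample file name and the expected-hash check below are all assumptions made for the example; Get-FileHash itself ships with Windows PowerShell 4.0 and later and with PowerShell 7.

```powershell
# Added example (not from the SANS diary): sha256sum/md5sum equivalents in PowerShell
# built on the Get-FileHash cmdlet. Function names and file paths are hypothetical.

function Get-SumLine {
    <# Emit "hash  path" lines in the same layout as sha256sum/md5sum (lower-case hex),
       so the output can be diffed against a Linux-generated checksum list. #>
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $Path,
        [ValidateSet('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')] [string] $Algorithm = 'SHA256'
    )
    process {
        $h = Get-FileHash -LiteralPath $Path -Algorithm $Algorithm
        '{0}  {1}' -f $h.Hash.ToLower(), $h.Path
    }
}

function Test-FileHashMatch {
    <# Compare a file's hash with an expected value (vendor download page, IOC list).
       Returns $true/$false. The comparison is case-insensitive, because Get-FileHash
       prints upper-case hex while most published hashes are lower-case. #>
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected,
        [ValidateSet('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')] [string] $Algorithm = 'SHA256'
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    return ($actual -ieq $Expected.Trim())
}

# --- demo on a constructed sample file (hypothetical content, written to $env:TEMP) ---
$sample = Join-Path $env:TEMP 'hash-demo.txt'
# Write raw ASCII bytes with no BOM and no trailing newline, so the digest is the
# well-known test vector for "abc":
#   SHA-256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
#   MD5     900150983cd24fb0d6963f7d28e17f72
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('abc'))

$sample | Get-SumLine -Algorithm SHA256
$sample | Get-SumLine -Algorithm MD5

$known = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
if (Test-FileHashMatch -Path $sample -Expected $known) {
    'SHA-256 matches the expected value'
} else {
    'MISMATCH: file differs from the expected hash'
}

# Bulk hashing of a directory tree, e.g. to match downloads against an IOC list:
#   Get-ChildItem -Path C:\Downloads -File -Recurse | Get-FileHash -Algorithm SHA256
# The pre-PowerShell-4 fallback from cmd.exe is: certutil -hashfile <file> SHA256
```

Note the encoding detail: Set-Content or Out-File would add a BOM and/or a CRLF line ending, and the resulting hash would no longer match a checksum computed on another system, which is the usual reason a "verified" download fails to match its published hash.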

THE STATE OF RANSOMWARE 2020 [PDF]

www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf 94% of organizations whose data was encrypted got it back. Paying the ransom doubles the cost of dealing with a ransomware attack.
