Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. By: Abraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza December 17, 2021 Read time:  ( words) We recently published how Squirrelwaffle emerged as a loader using two exploits in a recent spam campaign in the Middle East. Further monitoring and analysis from our incident response and extended detection and response teams (IR/XDR)…

Read More

Metropolitan school system blocks threats with cybersecurity platform

Metropolitan school system blocks threats with cybersecurity platform

Metropolitan school system blocks threats with cybersecurity platform | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website…

Read More

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Conclusion The number of arrival mechanism variations used in BazarLoader campaigns continue to increase as threat actors diversify their attack patterns to evade detection. However, both techniques are noteworthy and still work despite their lack of novelty due to singular detection technologies’ limitations. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions — such as sandboxes — which may implement file…

Read More

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Exploits & Vulnerabilities Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell. By: Mohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar November 19, 2021 Read time:  ( words) In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is…

Read More
1 2