Sunday, December 1, 2019

APT Calypso RAT, Flying Dutchman Samples

Attackers exploit the Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT, and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They then move laterally and steal data.

Sunday, October 6, 2019

Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)

2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram 

“Masad Clipper and Stealer” steals browser information and computer files, and automatically replaces cryptocurrency wallet addresses in the clipboard with its own.
It is written as AutoIt scripts and then compiled into a Windows executable.
It uses Telegram to exfiltrate stolen information.

Malware Inventory (work in progress)

Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples

Linux/AirDropBot samples