This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
Author: Aliakbar Zahravi
Security Vendor News
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
by Aliakbar Zahravi
Trend Micro detected a new campaign using a recent version of the known FormBook infostealer. Newer FormBook variants used the recent Office 365 zero-day vulnerability, CVE-2021-40444.
Security Vendor News
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
by Aliakbar Zahravi
In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) on victim systems. This new variant also uses an updated obfuscation mechanism, which we detail.
Security Vendor News
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
by Aliakbar Zahravi
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on a…