Elastic charms SPECTRALVIPER
June 9, 2023, 3:11 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Key takeaways:
- The REF2754 intrusion set leverages multiple PE loaders, backdoors, and PowerShell runners
- SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities
- We are attributing REF2754 to a Vietnam-based intrusion set and aligning it with the Canvas Cyclone/APT32/OceanLotus threat actor
The unsigned DLL (dbg.config) contained DONUTLOADER shellcode which it attempted to inject into sessionmsg.exe, the Microsoft Remote Session Message …