Initial research exposing JOKERSPY
Malware Analysis, News and Indicators - Latest topics malware.news
Key takeaways:
- This is an initial notification of an active intrusion with additional details to follow
- REF9134 leverages custom and open source tools for reconnaissance and command and control
- Targets of this activity include a cryptocurrency exchange in Japan
To identify other binaries signed with the same identifier, we converted XProtectCheck-55554944f74096a836b73310bd55d97d1dff5cd4 to hexadecimal and searched VirusTotal to identify 3 additional samples (content:{5850726f74656374436865636b2d35353535343934346637343039366138333662373333313062643535643937643164666635636434}).
Each contained the same core functionality with structural differences. These discrepancies may indicate that these …
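The pivot described above, as an added example that is not part of the original research: it rebuilds the VirusTotal `content:{...}` query from the signing identifier and runs the same raw-byte search over a local sample directory. The function names, the `chunk_size` parameter and the directory argument are assumptions made for illustration.

```python
import os
import sys

# Signing identifier quoted on the page.
IDENTIFIER = "XProtectCheck-55554944f74096a836b73310bd55d97d1dff5cd4"


def vt_content_query(identifier: str) -> str:
    """Hex-encode the ASCII identifier and wrap it in the content:{...} form."""
    return "content:{" + identifier.encode("ascii").hex() + "}"


def file_contains(path: str, needle: bytes, chunk_size: int = 1 << 20) -> bool:
    """Stream a file and report whether the raw bytes of `needle` occur in it."""
    keep = len(needle) - 1          # bytes carried over between reads
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            if needle in window:
                return True
            # Keep the last len(needle)-1 bytes so a match that straddles
            # two reads is still found on the next iteration.
            tail = window[-keep:] if keep else b""
    return False


def hunt(root: str, identifier: str = IDENTIFIER, chunk_size: int = 1 << 20) -> list[str]:
    """Return every file under `root` that embeds the identifier string."""
    needle = identifier.encode("ascii")
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if file_contains(path, needle, chunk_size):
                    hits.append(path)
            except OSError:
                continue            # unreadable file: skip, keep scanning
    return sorted(hits)


if __name__ == "__main__":
    print(vt_content_query(IDENTIFIER))
    # Hypothetical usage: pass a local directory of collected samples.
    for hit in hunt(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("match:", hit)
```

A match only shows that the identifier string is embedded in the file; confirming it is the actual code-signing identifier still requires inspecting the signature itself.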