[SANS ISC] Malicious Excel Sheet with a NULL VT Score

I published the following diary on isc.sans.edu: “Malicious Excel Sheet with a NULL VT Score”: Just a quick diary today to demonstrate, once again, that relying only on a classic antivirus solution is not sufficient in 2020. I found a sample that just has a very nice score of 0/57 on VT. Yes, according to

The post [SANS ISC] Malicious Excel Sheet with a NULL VT Score appeared first on /dev/random.


[SANS ISC] Tracking A Malware Campaign Through VT

I published the following diary on isc.sans.edu: “Tracking A Malware Campaign Through VT”: During the weekend, I found several samples from the same VBA macro. The only difference between all the samples was the URL to fetch a malicious PE file. I have a specific YARA rule to search for embedded

The post [SANS ISC] Tracking A Malware Campaign Through VT appeared first on /dev/random.


It Takes 48 Hours to Catch a Phishing Threat?

Fast-moving threats are taking days to appear on VirusTotal and other leading threat feeds, leaving the bad actors an eternity to wreak havoc on remote workers.
The post It Takes 48 Hours to Catch a Phishing Threat? appeared first on Security Boulevard.

Taiwan’s state-owned energy company suffers ransomware attack

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop. CPC Corp., an important national asset responsible for importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of its computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to pay for gas. In Taiwan, CPC represents a high-value target for malicious hackers. Taiwan is heavily reliant on imports for its energy needs, and the company has invested in a number of offshore oil and gas projects. CPC’s official statement did not mention ransomware, but private-sector reports obtained by CyberScoop shed more light on the incident. Two of the malicious files used in the attack are detected as ransomware on VirusTotal, the […]

The post Taiwan’s state-owned energy company suffers ransomware attack appeared first on CyberScoop.


Can you trust attachments with unfamiliar extensions?

Microsoft’s security experts have warned on Monday about several email malware delivery campaigns exploiting the COVID-19 pandemic, targeting companies in the US and South Korea. What they have in common is the ultimate delivery of the Remcos RAT …

Why did Cyber Command back off its recent plans to call out North Korean hacking?

U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers for targeting the financial sector in late September, but ultimately backed off the plan by early October, multiple sources familiar with the decision tell CyberScoop. The announcement was to be part of a Cyber Command effort to publicly share malware samples on VirusTotal, a web platform dedicated to tracking malware. Led by Cyber Command’s Cyber National Mission Force, those postings are intended to call out adversary-linked hacking in the hopes that it will deter groups from similar efforts in the future. It wasn’t clear why the decision was made to refrain from publicly posting malware samples this time around, despite the fact that Cyber Command has done so numerous times in recent months. It didn’t appear to be an issue of accuracy — the Pentagon outfit still decided to share private advisories with threat intelligence companies and the financial sector. A […]

The post Why did Cyber Command back off its recent plans to call out North Korean hacking? appeared first on CyberScoop.


North Korean government hackers sanctioned by U.S. Treasury

Add the U.S. Treasury to the list of government agencies going after North Korean hackers. The Treasury’s Office of Foreign Assets Control announced Friday it is sanctioning three North Korean hacking groups it says are backed by Kim Jong-un’s regime, including the well-known Lazarus Group. The office also identifies two sub-groups of Lazarus Group, Bluenoroff and Andariel. Bluenoroff has targeted foreign financial institutions in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam, as well as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system to conduct cyber-enabled financial heists in response to prior sanctions, according to OFAC. Andariel has been more focused on stealing cash and customer information from ATMs as well as targets in government agencies and in the defense industry, including those in South Korea to gather intelligence, according to OFAC. The U.S. government has previously linked Lazarus Group with the North […]

The post North Korean government hackers sanctioned by U.S. Treasury appeared first on CyberScoop.


Cyber Command’s biggest VirusTotal upload looks to expose North Korean-linked malware

Cyber Command’s largest-ever upload to VirusTotal exposes malware linked with North Korean government hackers, according to security researchers. #CNMF has posted multiple new malware samples: https://t.co/fSgk1xpG8t — USCYBERCOM Malware Alert (@CNMF_VirusAlert) September 8, 2019 Several of the malware samples have been tied to Lazarus Group, a group the U.S. government has linked with the North Korean government. Specifically, the samples look to be what’s known as “HOPLIGHT,” a trojan that has been used to gather information on victims’ operating systems and uses a public SSL certificate for secure communications with attackers. Cyber Command uploaded 11 malware samples in all. FireEye Managing Principal Threat Analyst Andrew Thompson said the upload signals to North Korea’s government that it can’t remain anonymous in cyberspace. “Will this deter intelligence activities? Of course not. That’s foolish. What it does do is articulate [North Koreans] aren’t operating free from attribution, which limits the range of activities they should see as […]

The post Cyber Command’s biggest VirusTotal upload looks to expose North Korean-linked malware appeared first on CyberScoop.


U.S. Cyber Command warns of North Korea-linked Lazarus Group malware

Malicious software samples uploaded by U.S. Cyber Command to VirusTotal on Wednesday are associated with campaigns from Lazarus Group, an advanced persistent threat group linked with North Korea, two cybersecurity researchers told CyberScoop. Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and for hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike. The instance Wednesday marks the second time in as many months Cyber Command added malware details to the VirusTotal security repository as part of an information sharing effort with the private sector. Researchers from cybersecurity firms Symantec and CrowdStrike said they have seen the two malware samples in this case (available here and here) associated with Lazarus Group. The technical capabilities of the malware strains were not immediately clear. The last samples Cyber Command shared were […]

The post U.S. Cyber Command warns of North Korea-linked Lazarus Group malware appeared first on CyberScoop.


TrickBot: New Injects, New Host

What’s in the Name: Call it IcedID or TrickBot? Tell that to a security researcher (Arsh Arora in this case) and watch them RANT
(Gar-note: today’s blog post is a guest blog from malware analyst, Arsh Arora…)

Today’s post starts w…