Month: May 2019

OceanLotus’ new Downloader, KerrDown

OceanLotus, also commonly referred to as APT32, is one of the most sophisticated threat actors originating out of Southeast Asia. Palo Alto Networks’ Unit 42 has been tracking its use of a new downloader. Unit 42 says: “While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses targeting private sectors …


News: AffinitasGlobal Recognised As Having High Growth Start-Up Potential

I’m very pleased to report that AffinitasGlobal have been recognised by the European Regional Development Fund as a potentially High Growth Start-Up. As such we have been accepted onto the High Growth Support programme and will benefit from a period of supported development via their mentor network. …


DanaBot Updated with New C2 Communication

ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs. “The fast-evolving, modular Trojan DanaBot has undergone further changes, with the latest version featuring an entirely new communication protocol. The protocol, introduced to DanaBot at the end of …


Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

“Security researcher Alex Inführ has discovered a severe remote code execution (RCE) vulnerability in these two open source office suites that could be triggered just by opening a maliciously-crafted ODT (OpenDocument Text) file. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the …


Kuwait Oil Themed Malware Targeting Industry

A weaponized Excel spreadsheet named “Kuwait oil Company Business Profile.xlsx”, exploiting CVE-2016-7262, has been identified by MalCrawler. The identified indicators are listed below (the bracketed figures are the counts as given in the original listing):

FileHash-MD5: 7734b4f3fab4cb3c9edf5e185bebeacd
FileHash-SHA256 (2): b3e260db478ed2512ee7012054da262bc50df68f96f0e8156826bb87c354c12b
FileHash-SHA1 (2): bd9321fbf0e2e4e327b2a1d36566de96c6d0fa35
CVE (3): CVE-2016-7262
FileHash-MD5 (3): f1a3483db13c90412590765829441aa5
FileHash-SHA256 (3): fc0eb025d2c4ad4eb9a67cd43d82729d413f2b03234c301a9e0ae1cabad725da
URL (3): hxxp://199.192.22.207/~kockw/uploads/file1.xn--ps1\-jb7a
URL (1): hxxp://199.192.22.207/~kockw/uploads/mcafee1.exe
domain (1): kockw.us
hostname (1): pdpaso.omnirat.cf