The VBScripts were identified as MISPRINT/SIBOT.
FIREFOX 21 FOR MAC MD5 DOWNLOAD
Six (6) files are Visual Basic Script (VBScript) files designed to add the Windows registry keys to store and execute an obfuscated VBScript to download and execute a malicious payload from its C2 server. One (1) file is a text file that appears to be a configuration file for a SUNSHUTTLE sample. Two (2) of which were unpacked and included in this report. Four (4) executables written in Go were identified by FireEye as SUNSHUTTLE.One (1) of which was unpacked and included in this report. Three (3) executables written in Golang (Go) and packed using the Ultimate Packer for Executables (UPX) were identified by the security company FireEye as SOLARFLARE malware.
Seven (7) of the analyzed files are executables that attempt to connect to hard-coded command and control (C2) servers using Hypertext Transfer Protocol Secure (HTTPS) on port 443 and await a response upon execution. This report analyzes eighteen (18) files categorized by their associative behavior and structured configurations. This MAR includes suggested response actions and recommended mitigation techniques.
CISA and CNMF are distributing this MAR to enable network defense and reduced exposure to malicious activity.
Government to the Russian SVR Foreign Intelligence Service (APT 29, Cozy Bear, The Dukes). This report provides detailed analysis of several malicious samples and artifacts associated with the supply chain compromise of SolarWinds Orion network management software, attributed by the U.S. This Malware Analysis Report (MAR) is the result of analytic efforts between the Cybersecurity and Infrastructure Security Agency (CISA) and the Cyber National Mission Force (CNMF) of U.S.
0 kommentar(er)
