Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign.
By examining Purple Fox’s routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers (SOCs), and security researchers find and weed out Purple Fox infections in their network.
We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware.
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actor’s latest attacks.
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques.
We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero.
The most recent Pwn2Own (Fall 2021 Pwn2Own Austin) includes more IoT entries than ever. This gives us an opportunity to probe today’s largest and newest enterprise attack surface: the home office.
In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks.
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a “supplier” ransomware before deployment instead of simply distributing it under the original name.