Intezer cybersecurity experts spotted the new malware in August and dubbed it Vermilion Strike. It has been actively used in attacks targeting organizations.
According to the FBI, the ransomware hit at least 16 targets. The malware steals victims' files and then encrypts their servers to force a ransom payment.
According to Trend Micro, the malware (aka WickrMe) arrives via exploitation of CVE-2019-0604, a remote code execution flaw in Microsoft SharePoint. The threat actors then use a web shell to download Cobalt Strike.
The document file starts the infection through an embedded DLL. The trojan acts as a downloader for other payloads such as Cobalt Strike and Ursnif/Gozi.
According to SANS, the campaign uses a chain of obfuscated PowerShell scripts to download the malware. It is probably the work of a ransomware gang.
Symantec researchers spotted a ransomware campaign that combines legitimate tools with malware to extort large multinational companies.
The malware is distributed by the TrickBot authors through phishing campaigns using a variety of lures. After a delay, it installs Cobalt Strike on the infected computer.
According to Cylance, the new malware targets a wide range of industries. It has been observed alongside Cobalt Strike beacons and a downloader with similarities to Shifu.