Yoroi-Cybaze ZLab cyber security experts: It is compiled for Linux. The malware is targeting hundreds of thousands of WordPress-powered websites, and some of them are related to Italy.
Yoroi-Cybaze ZLab cyber security experts: It does not rely on standard communication interfaces, suggesting an increased level of customization. It leverages Java Instrumentation techniques.
Yoroi-Cybaze ZLab cyber security experts developed a free decryptor for the ransomware. The tool, however, requires the malware process to be active.
Yoroi-Cybaze ZLab cyber security experts: ISO images in particular are exploited. While analyzing a cyber attack against an Italian firm, XpertRAT and a Delphi wrapper emerged.
Kaspersky cyber security experts: The ransomware uses exploits to escalate privileges and targets the Asia-Pacific region. Is the malware the heir of GandCrab?
Cyber security expert and Yoroi founder, Marco Ramilli, analyzed the two state-sponsored groups to look for strong and weak similarities.
The cyber security expert, Marco Ramilli, analyzed it to match the clues and find out whether Iranian state-sponsored hackers are behind the operation. Some clues say yes, others diverge.
Cybaze-Yoroi ZLab cyber security experts: The campaign shows the Matryoshka structure of chained SFX archives, typical of APT implants, and the use of a legitimate third-party RAT as the payload.
Yoroi-Cybaze cyber security experts noticed a suspicious attack on an organization using a spear-phishing email and an RMS tool used as a RAT. The target is not linked to the banking or retail sectors.
Yoroi-Cybaze cyber security experts: They are “The Broken Doc”, “Hide Payload with Office Developer Mode”, and “Spoofed Signature” or “Certificate Spoofing”.