
Gootkit: Unveiling the Hidden Link with AZORult

Cybaze-Yoroi ZLAB revealed an interesting hidden connection between the AZORult toolkit and a specific Gootkit payload.

Introduction

In recent days, a huge attack campaign hit several organizations across the Italian cyberspace. As stated in bulletin N020219, the attack waves tried to impersonate legitimate communication from a known Express Courier. However, a deeper analysis by Cybaze-Yoroi ZLAB revealed interesting hidden aspects, spotting a connection between the AZORult toolkit and a particular Gootkit payload.

Technical analysis

Stage 1 – The Attached JavaScript

Most of the infection attempts started with a particular email attachment: a compressed archive containing stealthy JavaScript code, which most of the time was able to avoid antivirus detection during the initial stages of the attack campaigns.

Hash: 12791e14ba82d36d434e7c7c0b81c7975ce802a430724f134b7e0cce5a7bb185
Threat: malicious js
Desc: Obfuscated malicious JS. It downloads the first component and keeps communication with the C2 server.

Table 1:...(continued)
