.NET framework includes individual compilers for various programming languages, such as VB.NET, and C#. To put it simply, these stubs are components of small Windows® executable files that act as downloaders for a subsequent main payload. What stood out to us, in the course of conducting that research into the final stages of the malware, was the MSIL stub used in the delivery of the third stage of the malware that was first noted by ESET Research. We’ve covered details regarding WhisperGate in a previous blog, which provides a more extensive breakdown into the third and fourth stages of the wiper. When we investigated these stubs further and looked for others like them, we found them to be used in the delivery of a far larger array of commodity. We’ll discuss what we found, and what it can tell us about the methods threat actors are finding useful to accomplish their nefarious actions.

Analysis of the WhisperGate malware wiper targeting Ukraine in early 2022 first shone a light on using a Microsoft Intermediate Language (MSIL) stub as a delivery mechanism for the malware, which was abusing the Discord content delivery network (CDN). In this post, we’ll retrace our steps down a surprising rabbit hole that was revealed while examining this momentous malware. When the WhisperGate wiper was discovered – a multi-staged malicious wiper disguised as ransomware – researchers dug in to see what we could learn about the techniques used by its authors, and what it could teach us about the threat landscape in general. Source: Security Affairs.

Earlier this year, as the rest of the world was just beginning to turn a concerned eye to unsettling military actions in Ukraine, the security industry’s attention was trained on malicious cyber activity in the country. Update 05.27.22: An unknown APT group is targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Ukraine conflict.