Incidents

IM-Bot?

I recently came across an interesting IRCBot which KAV detects as Backdoor.Win32.IRCBot.lo.

When I took a closer look at it, I found out that it’s quite an advanced bot with a lot of features.

The thing which interested me most was the ability of the bot to spread via IM. There’s support for just about every IM-client.

It also started me thinking about the way malware which spreads via IM has evolved over the last year, specifically the shift from IM-Worm+IRCBot to ‘IM-Bot’ – an IRCBot which also includes IM-Worm functionality.

We’ll have an article about this on viruslist in the near future.

IM-Bot?

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox