C2

GET TO THE CHOPPAH

A new variant of this tool, previously reported in 2013 by TrendLabs, was submitted to VirusTotal from the Philippines on March 27th, 2017. Its original filename, 2017.exe, was prescient since it has the ability to exploit CVE-2017-5638 and other previous Apache STRUTS vulnerabilities. File Details File Name: 2017.exe File Size: 107008 bytes MD5:        …

Kingslayer – A Supply Chain Attack

Today, RSA is publishing new research on a sophisticated software supply-chain attack – dubbed “Kingslayer”. RSA Research investigated the source of suspicious, observed beaconing thought to be associated with targeted malware. In the course of their investigation, RSA discovered a sophisticated software supply-chain attack involving a Trojan inserted in otherwise legitimate software; software that is…

Automate Detection and Detect Early with Leading Indicators

The ultimate goal of any security monitoring program or Security Operations Center (SOC) team is to automate threat detection, to detect earlier in the attack lifecycle and to stop the threat actors from achieving their desired objectives of disrupting their business or stealing their IP or money. “Automating Threat Detection”, sounds simple enough, but how…

Peering into GlassRAT

Today RSA is reporting GlassRAT, a previously undetectable Remote Access Tool (RAT) which was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise.   While the malware was not detectable by endpoint antivirus products, RSA Security Analytics was able to identify and alert on its network…