CoreWarrior Spreader Malware Surge


This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle

The malware is a UPX-packed executable that has been manually tampered with and will not unpack using the standard UPX unpacker.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Data-Wiping Cyberattacks Plague Financial Firms

    March 6, 2019

    Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts to Cyberspace,” outlines the top attacks that financial firms are facing ...

  • IoT Devices Under Constant Attack

    March 4, 2019

    ‘Secure your IoT devices’ is the message from security specialist Cyxtera Technologies, after research found that IoT devices are now under constant attack. The research was conducted jointly by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design. They detected more than 150 million connection attempts to 4,642 distinct IP addresses ...

  • How the Dark Web Data Bazaar Fuels Enterprise Attacks

    March 3, 2019

    It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privacy concern, but it’s also increasingly an enterprise ...

  • New exploit lets attackers take control of Windows IoT Core devices

    March 2, 2019

    Speaking at a conference today, a security researcher has revealed a new exploit impacting the Windows IoT Core operating system that gives threat actors full control over vulnerable devices. The vulnerability, discovered by Dor Azouri, a security researcher for SafeBreach, impacts the Sirep/WPCon communications protocol included with Windows IoT operating system. Azouri said the vulnerability only impacts Windows ...

  • Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks

    February 27, 2019

    The notorious Chinese-linked threat group, dubbed Bronze Union, has been spotted in a widespread 2018 campaign updating its arsenal of cyberweapons by breathing new life into old tools. The threat group was spotted in 2018 using updated source code to target data owned by political, technology, manufacturing and humanitarian organizations, researchers with the Dell Secureworks Counter ...

  • Hackers target Elasticsearch clusters in fresh malware campaign

    February 27, 2019

    Security researchers have observed a spike in attacks from multiple threat actors targeting Elasticsearch clusters, in what is believed to be an attempt to spread malware on victims’ machines. Attackers appear targeting clusters using versions 1.4.2 and lower, and are leveraging old vulnerabilities to pass scripts to search queries and drop the attacker’s payloads, according to ...