In early 2024, analysts at the Positive Technologies Expert Security Center (PT ESC) discovered a malicious sample. The cybersecurity community named it Poco RAT after the POCO libraries in its C++ codebase.
At the time of its discovery, the sample had not been linked to any known threat group. The malware came loaded with a full suite of espionage features. It could upload files, capture screenshots, execute commands, and manipulate system processes. Patterns in its tactics, techniques, and procedures linked it to a known player. Dark Caracal, the group behind Bandook, was a clear match. The dropper used in Poco RAT closely resembled Bandook’s, reinforcing the connection.
Read more…
Source: Positive Technologies
Related:
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...