There's an appreciation I have for one of the more difficult tasks for an attacker: reliably gaining a foothold on a network with a payload that works. I always find myself drawn to the deep analysis of malware and delivery techniques. Over the past couple of years I've worked closely with threat intel groups to understand emerging threats.

The Threat Landscape: MaaS, Astaroth, and CloudFlare Workers

This past fall (in 2019) a lot of great analysis surfaced for new variants of the fileless malware Astaroth. Specifically, Renato Marinho of Morphus Labs posted his analysis of a variant that uses Facebook and YouTube profiles to dynamically adjust its C2 addresses, hiding the lookup behind trusted domains.

Other malware exists mainly to be a trojan horse for another actor's ultimate payload and objectives. As a result, we've seen the evolution of malware like Emotet into MaaS (Malware as a Service) options. Threat actors put a lot of effort into protecting both the delivery mechanism and that ultimate payload to extend their value: if all it takes is an A/V signature to kill either, the operation isn't going to be profitable.

When it comes to CloudFlare, you'll see we can replace the middle redirector server layer, and in some cases even the payload hosting/delivery layer.