A malware campaign that shares no known similarities with previous attacks has been uncovered targeting organizations in the Middle East. Dubbed “WildPressure,” the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code.

According to researchers at Kaspersky, which sinkholed one of the WildPressure command-and-control (C2) domains in September, the vast majority of visitor IPs to the operators’ malicious infrastructure were from the Middle East, with the rest made up of scanners, Tor exit nodes or VPN connections. Among the victims are some industrial targets, the firm found.

The malware carries out basic system reconnaissance, including inventorying the types of files housed on infected machines, according to the research. It can also fetch updates from its C2, which could include additional, second-stage functionality.

Simple and Direct

The approach used to build the trojan is very straightforward, according to Denis Legezo, security researcher with Kaspersky, writing in a post on Tuesday. For instance, all of the Milum samples are standalone executable files, the researcher discovered. Further, the code’s built-in configuration data includes hardcoded C2 URLs and encryption/decryption keys for communication.

Once installed, the malware creates a directory called “ProgramDataMicappWindows” and parses this configuration data in order to form a beacon to send to its C2. To send the beacon, Milum…
Unknown ‘WildPressure’ Malware Campaign Lets Off Steam in Middle East (syndicated by govanguard, 2020-03-24 17:01)