Art Appraisal Blog

Category - Uncategorized

08/12/2022
Uncategorized

AVOSLOCKER Ransomware Explained

Summary: AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that targets victims across multiple critical infrastructure sectors in the United States, including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. In addition to handling ransom negotiations directly, AvosLocker is also responsible for publishing and hosting exfiltrated victim data after affiliates have infected targets. Therefore, AvosLocker indicators of compromise (IOCs) differ according to the...

08/12/2022
Uncategorized

Trickbot Malware Analysis

Introduction: TrickBot is an advanced banking Trojan that was first identified in 2016. Malicious threat actors spread this trojan primarily by spearphishing campaigns using tailored emails that contain malicious attachments or links, which – if enabled – execute the underlying malware. As per the joint advisory released by The Cybersecurity and Infrastructure Security Agency (CISA) and The Federal Bureau of Investigation (FBI), “TrickBot – first identified in 2016 – is...

08/12/2022
Uncategorized

What are Rootkits?

Introduction: Rootkits are covert computer programs designed to provide unrestricted access to a computer without being detected. The term “Rootkit” is the combination of the words “root” and “kit.” Originally, rootkits were the tools that granted administrators access to a computer system or network. “Root” is the term used to refer to the superuser or administrator who, by default, has access to all files and commands in a Unix/Linux system....

08/12/2022
Uncategorized

What is a Computer Virus?

Introduction: The term virus stands for ‘Vital Information Resources Under Siege.’ Fred Cohen first defined the term ‘computer virus’ in 1983. Computer viruses are malicious code or programs that alter the way a computer operates and can replicate themselves from one computer to another without the user’s permission. A virus installs or attaches itself to a legitimate program or document supporting macros to execute its code. Computer viruses behave differently...

08/12/2022
Uncategorized

What is a Backdoor?

Introduction: Cybercriminals use various methods to penetrate a device or network by exploiting vulnerabilities in the operating system or applications. When a website is compromised, the attackers often leave some piece of malware behind to regain access to the site. By leaving a door open, hackers attempt to remain in control of a website and infect it continuously. This is called backdoor malware. Backdoors in cybersecurity are the...

08/12/2022
Uncategorized

MuddyWater APT Analysis

Introduction: The MuddyWater APT group has been active since 2017, focusing primarily on victims in Middle Eastern countries using in-memory vectors leveraging PowerShell. This family leverages the “living off the land” attack technique, as it does not require creating new binaries on the victim’s computer, maintaining a low detection profile and a minimal forensic footprint. The MuddyWater group has targeted countries throughout the Middle East, Europe, and the United States. MuddyWater APT was...

08/12/2022
Uncategorized

What is a Trojan?

Introduction: The term “Trojan” is typically derived from the ancient Greek story of Troy. Trojans work similarly to the wooden horse in the story, introducing something unexpected under disguise. Trojans are malware that disguise themselves as legitimate files to trick victims into clicking, downloading, or installing the malicious software onto the machine. A Trojan generally infects files, systems, or memory by concealing its actual content so that the user thinks...

08/12/2022
Uncategorized

What is Malware?

What is Malware? Malware, or malicious software, refers to any program or code that infects a computer and causes damage to it. Malware is malicious software that targets and seeks to damage, disable, or destroy computers, computer networks, tablets, and mobile devices, often by taking control of a device’s operations. It interferes with the normal functioning of the device. Malware is the umbrella term that covers all malicious software –...

08/12/2022
Uncategorized

Indicator of Compromise (IoC) vs. Indicator of Attack (IoA)

Scenario: An organization was hacked using SQL injection and database access through its website. After penetrating the network and machine, the attacker created an account named “daemon” and then escalated privileges to obtain more control of the network. Then the attacker injected a malware file called “hackit.exe” into the devices and established a connection to the command-and-control server to download additional malicious files named “malware.exe” after propagation....

08/12/2022
Uncategorized

How Attackers Organize Botnets to Perform DDoS Attacks?

What is a Botnet? A bot is a piece of malware that infects a computer system and executes commands under the control of a remote attacker. A botnet is a network of malware-infected computers controlled by a bot herder. The bot herder manages the botnet infrastructure and uses compromised computers to crack networks, inject malware, harvest credentials, and execute CPU-intensive tasks on targets. A botnet is merely a collection of connected devices....
