Intezer Analyze May Community Roundup

See below some of the threats our community detected this month

1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload that unpacks itself as shellcode. Learn about Intezer Analyze’s NEW unpacking capabilities

Screen Shot 2020 05 21 at 3.13.10 PM

2. H2Miner, with only two out of 59 detections in VirusTotal, targets vulnerable SaltStack instances using CVE-2020-11651/2. Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks

Screen Shot 2020 05 21 at 3.25.41 PM

3. Another H2Miner sample, also with two detections in VirusTotal, exploits vulnerabilities CVE-2020-11651/2.

Screen Shot 2020 05 21 at 4.02.00 PM

4. Fully undetected Linux LD-PRELOAD userland rootkit uploaded from the United States and Russia, hides SSH connections via hooking fopen on /dev/net/tcp and conceals itself via hooking readdir.

Screen Shot 2020 05 24 at 12.46.33 PM

5. Cross-platform wellmess Linux sample, written in Golang, has four detections in VirusTotal.

Screen Shot 2020 05 21 at 3.32.55 PM

6. Emotet sample, uploaded from Japan, has five out of 70 detections in VirusTotal. Automatic unpacking in Intezer Analyze reveals the payload shares code with an older Emotet variant. Search by hash fccc6f6e8b036fd9536649cfaef73b6e to analyze the older variant in Intezer Analyze. Try it Now

Screen Shot 2020 05 21 at 3.42.29 PM

Join the thousands of security professionals using the Intezer Analyze community edition to investigate suspicious
files and devices. Sign up for free at

Check out the new features on our YouTube channel:
NEW Malware Family View
NEW Unpack Evasive Payloads in Memory
NEW Search by String

The post Intezer Analyze May Community Roundup appeared first on Intezer.

Article Link: