Off the Beaten Path: Recent Unusual Malware

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This article examines three unique malware samples discovered in the past year. The first is a passive IIS backdoor written in C++/CLI, an uncommon language for malware. It has extensive functionality and appears professionally developed, possibly for targeted attacks. The second is a bootkit that installs a customized GRUB 2 bootloader to play Dixie through the PC speaker on boot. While sharing some characteristics with Equation Group malware, it's likely unrelated. The third is a new cross-platform post-exploitation framework called ProjectGeass, still in development. It has features like file management, keylogging, and payload execution. These samples demonstrate novel techniques being used by malware authors.

OPENCTI LABELS:

post-exploitation, bootkit, iis backdoor, c++/cli, projectgeass, dixie-playing bootkit, grub

