Malware named pipe
8/31/2023

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.

Update 12:30 EDT: Updated to explain the modified DoublePulsar backdoor.

Since the SamSam attacks that targeted US healthcare entities in March 2016, Talos has been concerned about the proliferation of malware via unpatched network vulnerabilities. In May 2017, WannaCry ransomware took advantage of a vulnerability in SMBv1 and spread like wildfire across the Internet.

Today a new malware variant has surfaced that is distinct enough from Petya that people have referred to it by various names such as Petrwrap and GoldenEye. Talos is identifying this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. This behavior is detailed later in the blog under "Malware Functionality". Unlike WannaCry, Nyetya does not appear to contain an external scanning component.

The identification of the initial vector is still under investigation. We have observed no use of email or Office documents as a delivery mechanism for this malware. We believe that infections are associated with software update systems for a Ukrainian tax accounting package called MeDoc.