New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...

New Mac cryptominer has 23 older variants

On February 1, a new Mac cryptominer was discovered being distributed via a hack of the MacUpdate website. Since then, we've been doing some digging and found that this isolated incident was just the tip of the iceberg. The malware delivered by the MacUpdate hack appears to be the culmination of...

DDoS Exploit Targets Open Source Rejetto HFS

Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server Rejetto HFS. Someone was trying to exploit a...

MalwaRE - Malware Repository Framework

malwaRE is a malware repository website created using PHP Laravel framework, used to manage your own malware zoo. malwaRE was based on the work of Adlice team with some extra features. If you guys have any improvements, please let me know or send me a pull request. Features Self-hosted solution...

FBI Director James B. Comey RSA Conference Keynote

SAN FRANCISCO – Outgoing FBI Director Robert Mueller predicted to his successor James B. Comey that cybersecurity would dominate his 10-year tenure much the same way terrorism did Mueller’s. “After five months, he’s right,” Comey said today during his keynote address at RSA Conference 2014. Comey...