Researchers discovered a new wave of custom malware campaign named as “Dudell” from previous unknown cyberespionage group dubbed Rancor . Rancor Threat group active since 2017, and they continuously targeting the government organization until January 2019, in this current campaign, researchers discovered an undocumented custom malware. Additionally, the group using another malware family called “Derusbi” to load a secondary payload once it infiltrates a target, and malware will be installed in the victim’s machine by conducting 2 rounds of attack. Researchers observed that, the attacker sent via 149.28.156[.]61 to deliver either Derusbi or KHRat samples with either cswksfwq.kfesv[.]xyz or connect.bafunpda[.]xyz as C2. Rancor has a record of conducting targeted attacks in Southeast Asia throughout 2017 and 2018. DUDELL Malware Infection Process DUDELL malware initially observed form weaponized Microsoft excel document via malspam...
The Hacks001 blog is the most popular, independent and trusted source for the latest news headlines on cybersecurity, hacking, computer security, cybercrime, privacy, vulnerabilities and technology for all businesses, information security professionals and hackers worldwide.