Examples of Malware Used Against Australian Organisations

REMCOS

REMCOS is a Remote Access Trojan (RAT) sold on hacking forums and dark-web markets for around $300 USD. It provides the following capabilities:

  • Interface: a sleek UI that makes it easy for unsophisticated threat actors to compromise and control machines remotely
  • Espionage: screen capture, clipboard capture, keylogging, webcam capture, and microphone capture
  • Operational Security: RC4 encryption, software packing, string obfuscation, and event logging
  • Automation: ability to automate tasks, run commands, and download files

Mossé Security responded to several intrusions where the adversaries used REMCOS as first-stage malware before installing stealthier RATs on other systems.


COBALT STRIKE


BABAR


MIMIKATZ


SCREENCONNECT


TEAMSPY


GH0ST RAT


NETWIRE


Other Examples: Emotet, Graftor, Poison Ivy, PlugX, BlackMoon, Perseus, Meterpreter, Loda, Nymeria, NanoCore, LaZagne, Gemini, Hupigon, Quasar, Themida, PowerShell Empire, Mirai, Poweliks, BlackHole, PowerSploit, EternalBlue, EternalDrug, Locky, GandCrab, AgentTesla, Torn, Derusbi, Nishang, TinyMet, Viper, Pasam, Royal DNS, Winnti, NetTraveler.

Act Now!

Cyber security is about taking action. Contact us now.

Frequently Asked Questions

Why do adversaries use penetration testing tools or off-the-shelf malware?

Off-the-shelf malware and penetration testing tools make excellent first-stage reverse shells: if those tools are detected, the adversary can easily replace them without risking exposure of the operational secrets embedded in custom tools.

Furthermore, these tools are regularly updated with new obfuscation techniques that allow them to defeat anti-virus software.

Custom tools are often deployed later in the attack, sometimes on machines with no direct Internet access.

How is it possible for adversaries to continuously evade global anti-virus companies that spend millions of dollars in security research?

Anti-virus companies analyse hundreds of thousands of never-seen-before files every month, process billions of security events per day, and are expected by their customers to never miss a cyber attack and never generate any false-positive alerts.

Adversaries employ techniques and tactics designed to evade detection and bypass defenses:

  • Blending-In: attackers use the same software that network administrators use to manage their networks. For example: PsExec, TeamViewer, ScreenConnect, SCCM, and local administrator accounts
  • Obfuscation: attackers obfuscate binaries to evade anti-virus software and to prevent security analysts from easily understanding the severity of the threat