CyberSecurity Insiders
JANUARY 26, 2022
As of the publishing of this article, antivirus (AV) vendor detection for BotenaGo and its variants remains behind with very low detection coverage from most of AV vendors. Even more worrisome, the samples continue to have a very low AV detection rate, as shown below in VirusTotal (figure 8). SURICATA IDS SIGNATURES.
Security Affairs
NOVEMBER 19, 2019
Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019 , detected and analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool among cybercriminals. More than 80% of all malicious files were disguised as .zip
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CyberSecurity Insiders
MAY 31, 2023
It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). Due to its relatively large size, certain antivirus may choose not to analyze it, potentially bypassing detection.
CyberSecurity Insiders
NOVEMBER 11, 2021
As of the publishing of this article, BotenaGo currently has low antivirus (AV) detection rate with only 6/62 known AVs seen in VirusTotal: (Figure 1). Some AVs detect these new malware variants using Go as Mirai malware — the payload links do look similar. CVE-2017-6077. CVE-2017-18368. CVE-2017-6334.
Security Affairs
AUGUST 24, 2020
In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213. Interestingly, the threat actors likely didn’t have a clear plan on what to do with the compromised networks. For instance, to disable built-in antivirus software, the attackers used Defender Control and Your Uninstaller.
Security Affairs
JUNE 23, 2020
Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. In early 2017, he created accounts on several other Russian-speaking forums, including on the infamous exploit[.]in, Geography and victims. Proxy seller. The big fish.
Security Affairs
NOVEMBER 15, 2018
From today, malicious and suspicious files shared by users of Kaspersky Lab products in Europe will start to be processed in data centers in Zurich, initiating the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.
Expert insights. Personalized for you.
81 
Let's personalize your content