Old Cyber Gang Uses New Crypter - Scrubcrypt
Fortinet News, March 8th, 2023
March 8, 2023, Volume 300, Issue 2

Between January and February 2023, FortiGuard Labs observed a payload targeting an exploitable Oracle WebLogic Server at a specific URI.

This payload extracts ScrubCrypt, a crypter that obfuscates and encrypts applications so that they can evade security programs. An updated version is already available, and the seller's webpage (Figure 1) guarantees that it can bypass Windows Defender and provide anti-debug and some bypass functions.

We analyzed the malware injected into a victim's system and, as part of our analysis, identified the threat actor as 8220 Gang using collected indicators. This mining group first appeared in 2017. The name '8220' comes from its original use of port 8220 for network communications.
