Monday March 06, 2017

File-Less Malware Attack Uncovered & Identified

Rule # 119 of the Cyber-Squirrel Handbook: Sometimes it's best not to taunt a Cyber Security Organization with hidden code in super stealthy malware.

On the 24th of February, Twitter user Simpo posted a picture of a string of malicious code with the words "SourceFireSux" encoded in Base64. This drew the interest of Cisco's Cyber Threat Intelligence Team "Talos," as many on that team are former members of the SourceFire Vulnerability Research group.

News Image

The Talos team accepted this challenge and began to hunt for a complete sample. After scouring the internet and piecing together code segments, Talos had unraveled what would be an ultra complex and sophisticated attack. An attack that is capable of executing malicious code and communicating with its handlers without writing a single byte to the file system. Thanks to Crixus for the links and write-up!

Discussion