The Packet Rat – The Packet Rat: sniffing my way through cyberspace
Description: The Packet Rat: sniffing my way through cyberspace
Search The Packet Rat The Packet Rat: sniffing my way through cyberspace Menu About Search Search for: Close search Close Menu About Categories Uncategorized Rats of a different ilk Post author By Sean Gallagher Post date July 15, 2020 No Comments on Rats of a different ilk Yesterday, I pushed the publish button on some additional research I assisted Markel Picado with on RATicate, an actor that had been sending tailored malicious emails to victims loaded with malware installers. They appear to be a Malware
The interesting thing is that they appear to have been using the same commercial crypting/packing tool as the actors behind GuLoader malware tracked by CheckPoint–this thing called CloudEyE Protector , the successor to DarkEyE Protector. The operators of that crypter-as-a-service shut it all down when people came asking about their malware distribution, and swore they would ban the bad actors.
Welp, they’re back in business, and they’re following some very rigorous (lol) vetting of customers. Sebastiano and Ivano pinky promise to very closely monitor usage and look out for shenanigans. The problem with grey tools like this–which have a legitimate use as an obfuscator and license protection scheme–are always going to have abusers. The only way to tell the bad from the good is behavior-based detection.
The Packet Rat – The Packet Rat: sniffing my way through cyberspace