SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Evil Corp rolls out new ransomware, variant of Zeus trojan
Description: Evil Corp, known for the creation of the infamous Zeus trojan, is actively attacking large corporations using fake documents disguised as job applications and resumes. The phishing emails claim to come from someone looking for employment after losing their job due to the COVID-19 pandemic. The adversaries also recently released a new ransomware called "WastedLocker," which is believed to be a replacement for the BitPaymer ransomware strain the group used previously.
Reference: https://www.computerweekly.com/news/252485331/Evil-Corps-latest-ransomware-project-spreading-fast
Snort SIDs: 54407, 54408
Title: Valak plugin goes after Microsoft Exchange users
Description: The Valak information-stealing malware now has new capabilities to specifically target Microsoft Exchange servers and steal users' email logins. Researchers have discovered at least 30 variants of Valak over the past six months, showing the adversaries are quickly adapting. The newest strain uses what's known as "reply-chain attacks," where the malware injects a malicious phishing email into an otherwise harmless email chain the user previously replied to.
Snort SIDs: 54401 - 54404