SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Long-running trojan spotted in the wild using another campaign to target users in South Asia
Description: Cisco Talos recently discovered another new campaign distributing the malicious remote access trojan (RAT) ObliqueRAT. In the past, Talos connected ObliqueRAT to another campaign from December 2019 that distributed CrimsonRAT; the two malware families share similar maldocs and macros. This new campaign, however, uses completely different macro code to download and deploy the ObliqueRAT payload. The attackers have also updated the infection chain to deliver ObliqueRAT via adversary-controlled websites. This new campaign is a typical example of how adversaries react to attack disclosures and evolve their infection chains to evade detection. Modifications in the ObliqueRAT payloads also highlight the use of obfuscation techniques that can evade traditional signature-based detection mechanisms.
References: https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html
Snort SIDs: 57168 - 57175
ClamAV signature: Doc.Downloader.ObliqueRAT-9835361-0
Title: Cisco discloses three critical vulnerabilities
Description: Cisco patched three critical vulnerabilities in some of the company's high-end software systems last week: two that affect the Application Services Engine and one in the NX-OS operating system. The most severe of the vulnerabilities is rated 10 out of 10 on the CVSS scale. Cisco's advisory states that an attacker could exploit this vulnerability to bypass authentication on a targeted device by obtaining a token with administrator-level privileges, and could then authenticate to the targeted device's API.
Snort SIDs: 57222, 57223