Jaromír Hořejší

Featured in: trendmicro.com

Articles

  • Sep 4, 2024 | trendmicro.com | Cedric Pernet | Jaromír Hořejší

    Malware Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

  • Feb 26, 2024 | trendmicro.com | Cedric Pernet | Jaromír Hořejší

    The folder also contained an LNK file and a __MACOS folder with payload, this time timestamped Dec. 22, 2023. Similar to the previously analyzed archive, several stages lead to this last stage (namely Cobalt Strike), only with different configurations. The C&C server name abuses the name of the cybersecurity company Cybereason. The malleable profile is also different this time and uses different URLs, although the watermark remains the same.

  • Sep 18, 2023 | trendmicro.com | Joseph C Chen | Jaromír Hořejší

    When searching for the aforementioned strings, it’s possible to find a reference to YARA rules matching the Linux version of Derusbi. It is likely that the threat actor gained inspiration from the techniques used by other pieces of malware or possibly even had direct access to the Derusbi source code itself. The environment ID (client ID) consists of two components.

  • Sep 5, 2023 | trendmicro.com | Jaromír Hořejší

    After the stealing process is completed, the client sends another status message to the server stating that the stealing process has been completed. In the case of a server pushing a message during the stealing process, the client responds with a “wait for the completion” message. The reason for the implementation of handling such messages is the activation of the stealing process.

  • May 15, 2023 | trendmicro.com | Jaromír Hořejší | Joseph C Chen

    This blog post discusses our analysis of CopperStealth’s and CopperPhish’s infection chains, and how they are similar to Water Orthrus. CopperStealth campaign: The first campaign distributed CopperStealth on March 8, 2023, delivering the malware via installers provided on a popular Chinese software sharing website. It disguised the malware as free software and targeted the country’s users.
