BlueCrab Ransomware Installing Hacking Tool CobaltStrike in Corporate Environments Posted By jcleebobgatenet , February 5, 2021 The ASEC analysis team confirmed that during the BlueCrab ransomware (=Sodinokibi, REvil) infection process, which is distributed in JS form, the CobaltStrike hacking tool was distributed under certain conditions. CobaltStrike hacking tool is a limited tool used for mock hacking test purposes under legitimate purposes; however, it has been actively used in malware since the recent source code leak. Since recently confirmed BlueCrab ransomware distribution JS file checks the corporate Active Directory (AD) environment and installs the CobaltStrike hacking tool…
BlueCrab Ransomware’s Continuous Attempts to Bypass Detection Posted By jcleebobgatenet , February 3, 2021 BlueCrab Ransomware (=Sodinokibi Ransomware) is a ransomware that is being vigorously distributed to Korean users. It distributes through a fake forum web page created using various search keywords. The infection process begins at the moment when a user runs the JS file downloaded from the distribution page. The distribution page appears in the front pages of a search engine, allowing it to be easily accessible. Because of this, cases of infection are being continuously reported by users. ASEC analysis team…
