S2 Ep23: Unique Executions... How Unique Are They?
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into SetXP, a stealthy Linux malware that manipulates UDEV rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-only dropper, and Stick Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats. 1. AON | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp 2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/ 3. Check Point Research | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/ 4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true Stay in Touch! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc