This technique is reminiscent of a similar mechanism adopted by a threat actor called Moses Staff, which, earlier this year, was found relying on a watchdog-based approach to prevent any interruption to its payloads.

Two other controls are also employed to guarantee the continued execution of the dropped WatchDog executable itself and the persistence of the initial loader.

Secureworks said it identified an average of 93 unique DarkTortilla samples being uploaded to the VirusTotal malware database per week over a 17-month period from January 2021 to May 2022.

Of the 10,000 samples tracked during that timeframe, only nine were used to spread ransomware: seven delivering Babuk and two delivering MedusaLocker.

"DarkTortilla is capable of evading detection, is highly configurable, and delivers a wide range of popular and effective malware," the researchers concluded. "Its capabilities and prevalence make it a formidable threat."

That said, the exact modus operandi by which the crypter reaches the hands of threat actors remains unclear, although it is suspected that it may be peddled on the criminal underground as a service.

"Despite scouring underground marketplaces and forums, we've been unable to find where or how DarkTortilla is being sold," Rob Pantazopoulos, senior security researcher at Secureworks Counter Threat Unit (CTU), told The Hacker News. "We did encounter another crypter being advertised named PureCrypter, which isn't DarkTortilla but exhibits many of the same."