OilRig a threat actor actively know from 2016, now uses a new threat vector BONDUPDATER malware. It target middle eastern oil producing countries. It uses spear phishing email campaigns to propagate itself.
CHAINSHOT Malware use multiple steps to exploit a a Adobe Flash 0-day vulnerability CVE-2018-5002. Malware is multi stager and downloads additional DLLs to create Backdoor in the victim machine.
CobInt Malware by Cobalt Group is modular malware system written in C. CobInt mainly has three modules which it downloads on demand. First the initial downloader which usually comes in form word document via spear phishing email campaign.
PowerPool malware exploits a 0-day vulnerability in Microsoft Windows 7 to 10. This 0-day vulnerability targets the Advanced Local Procedure Call (ALPC) allows non-admin user to gain administrative privileges.
Rozena belongs to a growing family of file less malware. Its executable is disguised with Microsoft Office Word Document's icon that lure its victim to open it. Upon execution, it creates a file in Windows Temporary folder with a filename Hi6kI7hcxZwUI.