BlackSquid Malware Sample Download
Information security company Trend Micro said it had found a new family of malware, nicknamed by researchers as BlackSquid. It infects web servers, network drives and removable drives by installing mining software through many different exploits.
BlackSquid in particularly is dangerous for various reasons. It uses anti-virtualization, anti-debug and anti-sandbox methods to determine whether to continue with the installation or not. Take advantage of warming techniques for lateral propagation and use some of the most famous exploits today such as EternalBlue, DoublePulsar and other exploits are for CVE-2014-6287, CVE-2017-12615, CVE-2017-8464 and three ThinkPHP exploits for multiple versions".
BlackSquid stop its execution if username of the victim is its list of command sandbox username or disk drive is one of a sandbox's one.
BlackSquid stop its execution if username of the victim is its list of command sandbox username or disk drive is one of a sandbox's one.
BlackSquid Worm Signatures
Family: Trojan:Win32/Occamy.C MD5: 7371d0d76e7eae5f0a55589edabfeb86 SHA256: 14f8dc79113b6a2d3f378d2046dbc4a9a7c605ce24cfa5ef9f4e8f5406cfd84d
BlackSquid Worm Download
BalckSquid CVE-2017-8464 Exploit Signatures
Family: Exploit:Win32/CplLnk.B MD5: fe2bc6b60f9a1b846a8214adf9f2c33e SHA256: 8974da4d200f3ca11aa0bc800f23d7a2be9a3e4e6311221888740c812d489116
BalckSquid CVE-2017-8464 Exploit Download
