OilRig a threat actor actively know from 2016, now uses a new threat vector BONDUPDATER malware. It target middle eastern oil producing countries. It uses spear phishing email campaigns to propagate itself.
PowerPool malware exploits a 0-day vulnerability in Microsoft Windows 7 to 10. This 0-day vulnerability targets the Advanced Local Procedure Call (ALPC) allows non-admin user to gain administrative privileges.
In order to check the current installed version of PowerShell use PSVersionTable.PSVersion. If PSVersion variable does not exists them it is Version 1.0, as it was available at that time.
Rozena belongs to a growing family of file less malware. Its executable is disguised with Microsoft Office Word Document's icon that lure its victim to open it. Upon execution, it creates a file in Windows Temporary folder with a filename Hi6kI7hcxZwUI.