BRUSHWORM and BRUSHLOGGER uncovered
A South Asian financial institution was targeted with two custom malware components: BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger. BRUSHWORM implements anti-analysis checks, an encrypted configuration, persistence through scheduled tasks, download of modular payloads, worm-style propagation over USB media, and broad file theft. BRUSHLOGGER is loaded through DLL side-loading and captures keystrokes system-wide, tracking the active window so each capture can be attributed to the application it was typed into. The low sophistication and implementation flaws of both components suggest an inexperienced author, possibly relying on AI code-generation tools, and multiple test builds found on VirusTotal indicate iterative development. Together the two components form a working collection platform: modular loading, USB propagation, air-gap bridging, wide file theft, and persistent keystroke capture.
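The pulse does not publish the task names or paths used by BRUSHWORM, so the following is an added example of the kind of triage a defender would run against the scheduled-task persistence described above; it is written for this page and is not code from the pulse or from the analysis it summarizes. It parses Task Scheduler XML (what `schtasks /query /xml` or `Export-ScheduledTask` produce) and flags tasks that launch from user-writable locations, that proxy a payload through a system binary such as rundll32.exe, or that are hidden. The sample task XML and the path and binary lists are constructed assumptions, not observed indicators.

```python
# Added example: triage exported Windows Task Scheduler XML for persistence
# indicators. Not code from the OTX pulse or the malware it describes; the
# sample XML and the prefix/binary lists below are constructed assumptions.
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations a low-privilege user can write to. A task whose action runs from
# one of these deserves a look. Assumed starting list; extend per environment.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
    "%appdata%",
    "%localappdata%",
    "%temp%",
    "%public%",
)

# System binaries often used by a task action to launch a payload indirectly.
PROXY_EXECUTORS = {
    "rundll32.exe", "regsvr32.exe", "mshta.exe",
    "powershell.exe", "wscript.exe", "cscript.exe",
}


def _text(elem, path):
    """Text of the first child matching `path` (namespace-aware), or ''."""
    node = elem.find(path, NS)
    return (node.text or "").strip() if node is not None else ""


def triage_task(xml_text):
    """Return a list of human-readable reasons; an empty list means no finding.

    `xml_text` is the XML of a single task. Real exports begin with a UTF-16
    XML declaration; read those files as bytes or strip the declaration first.
    """
    root = ET.fromstring(xml_text)
    reasons = []

    for exec_elem in root.findall(".//t:Actions/t:Exec", NS):
        command = _text(exec_elem, "t:Command")
        args = _text(exec_elem, "t:Arguments")
        cmd_l = command.lower().strip('"')

        # The executable itself lives somewhere an unprivileged user can write.
        if cmd_l.startswith(USER_WRITABLE_PREFIXES):
            reasons.append(f"action runs from user-writable path: {command}")

        # A trusted system binary is used to load something from such a path.
        exe = cmd_l.rsplit("\\", 1)[-1]
        if exe in PROXY_EXECUTORS and any(p in args.lower() for p in USER_WRITABLE_PREFIXES):
            reasons.append(f"{exe} launches payload from user-writable path: {args}")

    # Hidden tasks do not show in the Task Scheduler UI by default.
    if _text(root, "t:Settings/t:Hidden").lower() == "true":
        reasons.append("task is hidden from the Task Scheduler UI")

    # A logon trigger on an otherwise suspicious task makes it persistence.
    if reasons and root.find(".//t:Triggers/t:LogonTrigger", NS) is not None:
        reasons.append("runs at logon")

    return reasons


# Constructed sample: a hidden logon task that uses rundll32.exe to load a
# DLL dropped under C:\Users\Public. Declaration omitted (see triage_task).
SUSPICIOUS_TASK_XML = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\rundll32.exe</Command>
      <Arguments>C:\Users\Public\update.dll,Start</Arguments>
    </Exec>
  </Actions>
</Task>
"""

# Constructed sample: a vendor updater under Program Files, not hidden.
BENIGN_TASK_XML = r"""
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Vendor\updater.exe</Command></Exec>
  </Actions>
</Task>
"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_TASK_XML), ("benign", BENIGN_TASK_XML)):
        print(label, triage_task(xml) or ["no findings"])
```

Run it against every task exported from a host and review anything with a non-empty result; the prefix and binary lists are deliberately conservative so that findings stay reviewable by hand rather than drowning in noise.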
Pulse ID: 69c643be1c9656febe1f3cc6
Pulse Link: https://otx.alienvault.com/pulse/69c643be1c9656febe1f3cc6
Pulse Author: AlienVault
Created: 2026-03-27 08:45:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #Asia #BackDoor #CyberSecurity #InfoSec #KeyLogger #Malware #OTX #OpenThreatExchange #RAT #Rust #SouthAsia #USB #VirusTotal #Worm #bot #AlienVault