GaryDec 5, 2022
Well, #theWormCircus looks like it’s gonna be fun 😳
Show threadTod Maffin πŸ‡¨πŸ‡¦Dec 5, 2022

@JPEGuin One thing I do see still happening is that Mammoth appears to ignore the filter list I’ve set up on my instance’s web UI.

Here are two screenshots -- Mammoth and Metatext. Metatext honours the filter on #TheWormCircus but Mammoth still lets it through.

Sophos X-OpsDec 5, 2022

Like a bad penny, an effective malware-propagation tactic will just keep turning up.

We note with interest that other security researchers have also recently spotted the venerable sideloading attack we wrote about earlier this month... #infosec #threatintel #ioc #TheWormCircus

https://news.sophos.com/en-us/2022/11/03/family-tree-dll-sideloading-cases-may-be-related/

Family Tree: DLL-Sideloading Cases May Be Related

A threat actor’s repeated use of DLL-hijack execution flow makes for interesting attack results, including omnivorous file ingestion; we break down five cases and find commonalities

Sophos News