A threat actor from Germany that goes by the handle Vicswors Baghdad appears to be behind the propagation of the Houdini malware on Pastebin sites, and to be actively editing an open source ransomware variant called MoWare H.F.D.
According to Recorded Future analyst Daniel Hatheway, there have been three distinct spikes in malicious Visual Basic scripts (VBScript) posted on paste sites, the majority of which are the Houdini worm. Houdini first appeared in 2013 and was updated in 2016; the new spikes occurred last August and October, and in March of this year.
“The individual(s) reusing this Houdini VBScript are continually updating with new command and control servers,” Hatheway said in an analysis. “The VBScript communicates to the C2 server defined within the script. It then copies itself into a directory and establishes persistence by creating a registry key in one of the startup locations.”
Full article: German Threat Actor Spreads Houdini Worm on Pastebin
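A triage sketch for the three behaviours described in the quote above (C2 defined in the script, self-copy, startup registry key), added here as an example and not taken from the article or from Recorded Future. The regex rules, the scoring threshold and both sample pastes are assumptions constructed for illustration; they are generic VBScript idioms, not Houdini signatures.

```python
import re

# Heuristic rules, one per behaviour in the quote (assumed patterns, not real signatures).
RULES = {
    # A quoted hostname or IPv4 address assigned to a variable.
    "c2_defined_in_script": re.compile(
        r'=\s*"((?:[a-z0-9-]+\.)+[a-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})"', re.I),
    # An HTTP client object, used to talk to the server.
    "http_client": re.compile(
        r'CreateObject\(\s*"(?:MSXML2|Microsoft)\.XMLHTTP"', re.I),
    # The script copying its own file somewhere else.
    "copies_itself": re.compile(r'\.CopyFile\s+WScript\.ScriptFullName', re.I),
    # A write to a Run key, one of the Windows startup locations.
    "startup_registry_key": re.compile(
        r'RegWrite\s+"(?:HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)'
        r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run', re.I),
}

def triage(text):
    """Return matched rule names, candidate hosts and an overall verdict."""
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    hosts = RULES["c2_defined_in_script"].findall(text)
    # Require persistence plus self-copy plus a network indicator; a single
    # hit (for example a quoted file name that looks like a host) is too noisy.
    suspicious = ("startup_registry_key" in hits and "copies_itself" in hits
                  and bool({"c2_defined_in_script", "http_client"} & set(hits)))
    return {"hits": hits, "hosts": hosts, "suspicious": suspicious}

# Constructed, inert sample pastes (not real malware; host is a reserved name).
SAMPLE_PASTE = r'''
host = "c2.example.invalid"
port = 8080
Set sh = CreateObject("WScript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
fs.CopyFile WScript.ScriptFullName, installdir & "placeholder.vbs", True
sh.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\placeholder", target, "REG_SZ"
Set http = CreateObject("MSXML2.XMLHTTP")
'''
BENIGN_PASTE = 'Set fs = CreateObject("Scripting.FileSystemObject")\nlogname = "report.txt"\nMsgBox "done"'

if __name__ == "__main__":
    for label, paste in (("sample", SAMPLE_PASTE), ("benign", BENIGN_PASTE)):
        print(label, triage(paste))
```

Because the actor keeps swapping C2 servers, the extracted `hosts` list is the part worth feeding into blocklists or pivoting on, while the behavioural rules stay stable across reposts.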