The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal.
“Recognizing the value of collaboration with the public sector, the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity,” CNMF said in a statement.
The first two samples are files called rpcnetp.dll and rpcnetp.exe, which are both detected as dropper mechanisms for what was formerly known as the Computrace backdoor trojan, often associated with the Russia-based APT28/Fancy Bear group.
“The particular pair of samples, Computrace/LoJack/Lojax, is actually a trojanized version of the legitimate software ‘LoJack,’ from a company formerly called Computrace (now called Absolute). The trojanized version of the legitimate LoJack software is called LoJax or DoubleAgent,” a spokesperson from Chronicle told Threatpost.
Announcement: New CNMF initiative shares malware samples with cybersecurity industry > U.S. Cyber Command > News Display
VirusTotal account of Cybercom: VirusTotal Community profile for CYBERCOM_Malware_Alert - VirusTotal