LilacSquid Initial Access and Activity. (Credit: Cisco Talos)[/caption]
Once a system is compromised through exploiting vulnerabilities on internet facing devices, LilacSquid deploys multiple access tools, including MeshAgent, SSF, InkLoader, and PurpleInk.
[caption id="attachment_73286" align="aligncenter" width="1024"] LilacSquid's Lateral Movement via RDP. (Credit: Cisco Talos)[/caption]
MeshAgent, downloaded using bitsadmin utility, connects to its command and control (C2) server, conducts reconnaissance, and activates other implants.
On the other hand InkLoader, a .NET-based malware loader, is used when RDP credentials are compromised. It persists across reboots and executes PurpleInk, with the infection chain tailored for remote desktop sessions.
"Although QuasarRAT has been available to threat actors since at least 2014, we observed PurpleInk being actively developed starting in 2021 and continuing to evolve its functionalities separate from its parent malware family."It features robust remote access capabilities, including process enumeration, file manipulation, system information gathering, remote shell access, and proxy server communication. Different variants of PurpleInk exhibit varying functionalities, with some stripped-down versions retaining core capabilities to evade detection. InkBox, an older loader used by LilacSquid, reads from a hardcoded file path on disk, decrypts its contents, and runs PurpleInk. Since 2023, LilacSquid has modularized the infection chain, with PurpleInk running as a separate process via InkLoader. [caption id="attachment_73282" align="aligncenter" width="1024"]
PurpleInk Activation Chain (Credit: Cisco Talos)[/caption]
Post-exploitation, MeshAgent activates other tools like SSF and PurpleInk. MeshAgent, configured with MSH files, allows operators to control infected devices extensively, managing files, viewing and controlling desktops, and gathering device information.
PurpleInk: 2eb9c6722139e821c2fe8314b356880be70f3d19d8d2ba530adc9f466ffc67d8
Network IOCsย
67[.]213[.]221[.]6 192[.]145[.]127[.]190 45[.]9[.]251[.]14 199[.]229[.]250[.]142Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
When asked what makes this an โemotional support squidโ and not just another stuffed animal, its creator says:
Theyโre emotional support squid because theyโre large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for travelling, and, on a more personal note, when my mum was sick in the hospital I gave her one and she said it brought her โgreat comfortโ to have her squid tucked up beside her and not be a nuisance while she was sleeping.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Some squids are โconsorts,โ others are โsneakers.โ The species is healthiest when individuals have different strategies randomly.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
A new bioadhesive makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Itโs a pretty awful story.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
New York Times op-ed on the Chinese dominance of the squid industry:
Chinaโs domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the world at a competitive disadvantage, eroding international law governing sea borders and undermining food security, especially in poorer countries that rely heavily on fish for protein. In some parts of the world, frequent illegal incursions by Chinese ships into other nationsโ waters are heightening military tensions. American lawmakers are concerned because the United States, locked in a trade war with China, is the worldโs largest importer of seafood.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
A new species of squid was discovered, along with about a hundred other species.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Operation Squid found 1.3 tons of cocaine hidden in frozen fish.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Newly discovered plant looks like a squid. And itโs super weird:
The plant, which grows to 3 centimetres tall and 2 centimetres wide, emerges to the surface for as little as a week each year. It belongs to a group of plants known as fairy lanterns and has been given the scientific name Relictithismia kimotsukiensis.
Unlike most other plants, fairy lanterns donโt produce the green pigment chlorophyll, which is necessary for photosynthesis. Instead, they get their energy from fungi.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Paleontologists have discovered a 183-million-year-old species of vampire squid.
Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable degree of preservation of this squid is due to unique conditions at the moment of the creatureโs death. Water at the bottom of the sea where it ventured would have been poorly oxygenated, causing the creature to suffocate. In addition to killing the squid, it would have prevented other creatures from feeding on its remains, allowing it to become buried in the seafloor, wholly intact.
Research paper.
As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Read my blog posting guidelines here.
Login