Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Uptycs Threat Research

Research and updates from the Uptycs Threat Research team.

Evasive Techniques Used By Malicious Linux Shell Scripts

Research by: Siddartha Sharma and Adhokshaj Mishra

In our previous blog, we discussed the common Linux utilities that threat actors generally use across the attack chain. This blog discusses the common defense evasion techniques found in malicious shell scripts and how Uptycs detects them.

Discovery of Simps Botnet Leads To Ties to Keksec Group

Research by Siddartha Sharma and Ashwin Vamshi

Uptycs' threat research team has discovered a new botnet named ‘Simps’, attributed to the Keksec group and primarily focused on DDoS activities. We discovered the Simps botnet binaries being downloaded via a shell script sample and via Remote Code Execution vulnerability exploits by Gafgyt, as detailed in our earlier post.

IcedID campaign spotted being spiced with Excel 4 Macros

Research by Ashwin Vamshi and Abhijit Mohanta

Quick-Look Summary:

  • IcedID appears to be taking the place of Emotet, based on a significant influx of samples in our threat intelligence systems
  • A majority of these IcedID samples are distributed via xlsm files attached to emails
  • We’ve identified three ways these Excel 4 Macros are evading detection

Recent trends in malicious document techniques, targets, and attacks

Research by Ashwin Vamshi and Abhijit Mohanta

The Uptycs threat research team is monitoring ongoing targeted attacks and trends. We’ve recently seen threat actors and APT groups frequently using two document-based techniques: template injection and the Equation Editor exploit. In this piece, we’ll cover these oft-used techniques and provide details on the APT groups applying them.

Confucius APT deploys Warzone RAT

Research by Abhijit Mohanta and Ashwin Vamshi

Uptycs' threat research team published a piece about Warzone RAT and its advanced capabilities in November 2020. During the first week of January 2021, we discovered an ongoing targeted attack campaign related to Confucius APT, a threat group primarily targeting government sectors in South Asia. This attack was identified by our in-house osquery-based sandbox, which triggered a detection on Warzone RAT activity.