
Minerva Labs Blog


Sedating The Kraken – Blocking APT32 Fileless Injection

Malwarebytes’s Threat Intelligence team has uncovered a new attack dubbed “Kraken”, which is attributed to APT32.

The attacker abused the Windows Error Reporting process by injecting malicious shellcode into a new instance of WerFault.exe (the Windows Error Reporting binary), thus subverting its behavior while assuming the identity of a legitimate Windows binary.


In the image below, you can see how Minerva Labs blocks the “Kraken” attack with our Memory Injection Prevention module, preventing the initial infection.

 

As an additional layer of defense, Minerva Labs' Hostile Environment Simulation will block the late-stage shellcode by tricking it into believing it is executing in a virtual machine.

 

The full details of the attack can be found here.

 

Minerva Kraken

 

 

If you've been the victim of a Kraken attack, or would like to talk to Minerva Labs about upgrading your protection, please contact us.

 
