BLACK LOTUS LABS®

Since our initial report, Black Lotus Labs continues to monitor the WSL attack surface for new developments. In the last few months, we have identified several different samples that indicate the capability is evolving. 

Since its re-emergence on 14 Nov. 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware distribution families which previously infected more than 1.6M devices and caused hundreds of millions of dollars in damage across critical infrastructure, healthcare, government organisations and enterprises around the world.

Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID).

Black Lotus Labs recently identified several malicious files that were written primarily in Python and compiled in the Linux binary format ELF (Executable and Linkable Format) for the Debian operating system.

After publishing our initial research, we have continued to track this actor and recently uncovered an updated version of the ReverseRat agent, which we are calling ReverseRat 2.0.