|
|
|
|
|
|
by gus_
461 days ago
|
|
|
The campaign is using Go packages just as a mechanism to download a ransomware for Linux systems, and it specifically checks if the Documents/ directory exists for the current user. If it doesn't exist it does nothing. That's probably why the malware sandboxes are not detecting the outbound connections and the encrypting activity. |
|
|