
Has GOLD SOUTHFIELD resumed operations? [Research Saturday]
CyberWire Daily
Reverse Engineering
The accs configuration element was used to authenticate remote resources such as map drives. The sample that we identified, the March 2022 sample, actually had credentials stored within it. So that kind of answered that question that we had of what kind of credentials would be stored within there. It turns out to be targeted credentials. One, I guess, the unfortunate side effect of this is that because they're targeted credentials. Now, if these samples get released into the wild, it may be easy for other people to figure out that you were compromised and infected with REvil ransom. Even though that information may not have been made public.


