Dridex Malware

MM Core In-Memory Backdoor Returns As “BigBoss” And “SillyGoose”

Forcepoint’s Security Labs have identified two new malware variants – ‘BigBoss’ and ‘SillyGoose’ based on the MM Core backdoor.  Discovered in 2013 and also known as ‘BaneChat’, MM Core is used for targeted attacks. MM Core spawned a spin off named ‘StrangeLove’ shortly after discovery and then remained seemingly dormant for years. The release of ‘BigBoss’ and ‘SillyGoose’ as early as June 2016, highlights that it is possible for malware to make a strong comeback, even a number of years later. Carl Leonard, Principal Security Analyst at Forcepoint commented below.

Carl Leonard, Principal Security Analyst at Forcepoint:

Carl Leonard“We’ve found that although MM Core’s version has incremented twice, the core backdoor remains almost the same with the exception of new file and mutex names – showing that these malicious actors have been cunningly updating the malware just enough to keep their operation under the radar.

SillyGoose has now expanded its operations into the United States and Africa, whereas previously MM Core was limited to Middle Eastern and Central Asian countries and has a particular focus on news and media, government defence, oil and gas manufacturing and telecommunications industries.”