<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<span style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="margin:0px;background-color:rgb(255, 255, 255)"><span style="margin:0px;font-size:14.67px">Hello,</span></span></span>

<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">

<div style="margin:0px;background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)"><span style="margin:0px;background-color:rgb(255, 255, 255);display:inline !important"></span>

<div style="margin:0px;background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">

<div style="margin:0px;background-color:rgb(255, 255, 255)">

<div style="margin:0px;background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">

<div style="margin:0px;background-color:rgb(255, 255, 255)">

<div style="margin:0px;color:black;background-color:rgb(255, 255, 255)">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">

<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>

<div style="margin:0px;background-color:white">

<div style="margin:0px;font-size:14.67px;background-color:white">I hope everyone is doing well!</div>

<div style="margin:0px;font-size:14.67px;background-color:white"><br>

</div>

<div style="margin:0px;font-size:14.67px;background-color:white">Below is the entry for today.</div>

<div style="margin:0px;font-size:14.67px;background-color:white"><br>

</div>

<div style="margin:0px;font-size:14.67px;background-color:white">10/08/2021 - Diary entry #365<br>

<br>

</div>

<blockquote style="font-size:14.67px;background-color:white;margin-top:0px;margin-bottom:0px">

<div style="margin:0px"></div>

<div style="margin:0px"></div>

This week a new malware targeting Linux systems was found. Dubbed FontOnLake, it's a very modular threat, using a combination of Trojanized applications, Backdoors and Rootkits. The disclosed samples are written in C/C+. FontOnLake is a very recent threat,

 having been active since May 2020.

<div><br>

</div>

<div>The malware starts its execution using trojanized standard Linux utilities that are commonly executed on system startup. The trojanized application can then start the other components and communicate with the Rootkit and Backdoors modules using a Virtual

 File created in the Linux environment.</div>

<div><br>

</div>

<div>For the C&C connection, this malware embeds a large list of domains. When executed, it takes a random domain, resolves, and communicates using HTTP requests on a non-standard port. The response is an AES encrypted blob, encoded using base64, that contains

 another IP address and port, which the malware will use to receive the commands.</div>

<div><br>

</div>

Among this malware's features are the capability to exfiltrate data and files, download additional malware samples, act as a proxy and execute arbitrary commands and python scripts. These features make FontOnLake an effective tool for lateral movement inside

 an infected network, where each infected machine acts as a proxy bridge for others, allowing the malware to reach deep inside the network. Although there is no relation so far with ransomware incidents, this behavior is compatible with Trickbot and other botnets

 used to deploy ransomware inside infected networks, after the file exfiltration and lateral movements phase. The initial infection vector is still unknown, but the sophistication of this threat suggests it's mostly used for targeted attacks.

<div></div>

<span></span>

<div style="margin:0px"></div>

<span style="margin:0px"></span>

<div style="margin:0px"><br>

</div>

</blockquote>

<span style="margin:0px;font-size:14.67px;background-color:white">Kind Regards,</span></div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<br>

</div>

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div id="Signature">

<div>

<div></div>

<div></div>

<div></div>

<div></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<table style="font-family:"Times New Roman"; font-size:medium; text-align:start">

<tbody>

<tr>

<td width="180" align="left" style="width:180px">

<table width="120" align="left">

<tbody>

<tr>

<td colspan="3" align="center"><a href="https://www.appgate.com/"><img alt="" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>

</tr>

<tr>

<td colspan="3" align="center"> </td>

</tr>

<tr>

<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/"><img width="18" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>

<td width="28%"><a href="https://twitter.com/AppgateSecurity"><img width="20" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>

<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ"><img width="26" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>

</tr>

</tbody>

</table>

<p> </p>

</td>

<td width="350" colspan="2" rowspan="2" style="width:350px">

<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">

<strong>Felipe Duarte Domingues</strong><br>

Security Researcher<br>

<strong>Appgate</strong></p>

<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">

E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>

O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>

</td>

</tr>

</tbody>

</table>

<br>

</div>

</div>

</div>

</div>

</body>

</html>