Ransomware: Dissecting the three heads
This analysis delves into the intricacies of the Cerber ransomware, focusing on its Linux variant. It dissects the malware's initial access vector, which exploits CVE-2023-22518 in Confluence, and examines its three highly obfuscated C++ payloads: a stager for further payloads, a log checker, and the encryptor responsible for encrypting files. The report provides detailed insights into the functionality and behavior of each component, including the encryption process, communication with the C2 server, and the ransom note left behind.