Threat analysis

A deep dive into Saint Bot, a new downloader - Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel.
Aurora campaign: Attacking Azerbaijan using multiple RATs - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.
New steganography attack targets Azerbaijan - A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.
Cleaning up after Emotet: the law enforcement file - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat - A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.
SolarWinds advanced cyberattack: What happened and what to do now - Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.
German users targeted with Gootkit banker or REvil ransomware - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
Malsmoke operators abandon exploit kits in favor of social engineering scheme - Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics.
Release the Kraken: Fileless injection into Windows Error Reporting service - We discovered a new attack that injected its payload—dubbed
