Threat analysis

AvosLocker enters the ransomware scene, asks for partners

July 23, 2021 - We examine AvosLocker, a new ransomware aiming to grow into the coveted big game hunting space.

Read more

Remcos RAT delivered via Visual Basic

July 19, 2021 - We review a malware distribution campaign via malspam involving the Remcos remote access Trojan.

Read more

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

June 1, 2021 - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.

Read more

Revisiting the NSIS-based crypter

May 31, 2021 - In this blog we look at the constantly evolving NSIS crypter which malware authors have been leveraging as a flexible tool to pack and encrypt their samples.

Read more

SolarWinds attackers launch new campaign

May 28, 2021 - The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks.

Read more

A deep dive into Saint Bot, a new downloader

April 6, 2021 - Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel.

Read more

Aurora campaign: Attacking Azerbaijan using multiple RATs

April 6, 2021 - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.

Read more

New steganography attack targets Azerbaijan

March 5, 2021 - A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.

Read more

Cleaning up after Emotet: the law enforcement file

January 29, 2021 - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Read more