Threat analysis

AvosLocker enters the ransomware scene, asks for partners - We examine AvosLocker, a new ransomware aiming to grow into the coveted big game hunting space.
Remcos RAT delivered via Visual Basic - We review a malware distribution campaign via malspam involving the Remcos remote access Trojan.
Kimsuky APT continues to target South Korean government using AppleSeed backdoor - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.
Revisiting the NSIS-based crypter - In this blog we look at the constantly evolving NSIS crypter which malware authors have been leveraging as a flexible tool to pack and encrypt their samples.
SolarWinds attackers launch new campaign - The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks.
A deep dive into Saint Bot, a new downloader - Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel.
Aurora campaign: Attacking Azerbaijan using multiple RATs - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.
New steganography attack targets Azerbaijan - A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.
Cleaning up after Emotet: the law enforcement file - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.
