Malware

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Malware | Threat analysis

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

June 17, 2020 - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Read more
New LNK attack tied to Higaisa APT discovered - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Malware | Threat analysis

New LNK attack tied to Higaisa APT discovered

June 4, 2020 - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Read more
Shining a light on “Silent Night” Zloader/Zbot - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Malware | Threat analysis

Shining a light on “Silent Night” Zloader/Zbot

May 21, 2020 - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Read more
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Mac | Malware | Threat analysis

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

May 6, 2020 - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Read more
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Malware | Threat analysis

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses

May 15, 2019 - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?

Read more
“Funky malware format” found in Ocean Lotus sample - Recently, one of our researchers presented at the SAS conference on

Malware | Threat analysis

“Funky malware format” found in Ocean Lotus sample

April 19, 2019 - Recently, one of our researchers presented at the SAS conference on "Funky malware formats"—atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.

Read more
Spotlight on Troldesh ransomware, aka ‘Shade’ - Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.

Malware | Threat analysis

Spotlight on Troldesh ransomware, aka ‘Shade’

March 6, 2019 - Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.

Read more
Analyzing a new stealer written in Golang - We captured a new information-stealing malware written in Golang (Go). Read up on our analysis of its functionality, as well as the tools researchers can use to unpack malware written in this relatively new programming language.

Malware | Threat analysis

Analyzing a new stealer written in Golang

January 30, 2019 - We captured a new information-stealing malware written in Golang (Go). Read up on our analysis of its functionality, as well as the tools researchers can use to unpack malware written in this relatively new programming language.

Read more
What’s new in TrickBot? Deobfuscating elements - TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. October 2018 marks end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary by a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.

Malware | Threat analysis

What’s new in TrickBot? Deobfuscating elements

November 12, 2018 - TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. October 2018 marks end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary by a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.

Read more

Select your language