Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.
New LNK attack tied to Higaisa APT discovered - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.
Shining a light on “Silent Night” Zloader/Zbot - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app - The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses - CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?
“Funky malware format” found in Ocean Lotus sample - Recently, one of our researchers presented at the SAS conference on
Spotlight on Troldesh ransomware, aka ‘Shade’ - Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.
Analyzing a new stealer written in Golang - We captured a new information-stealing malware written in Golang (Go). Read up on our analysis of its functionality, as well as the tools researchers can use to unpack malware written in this relatively new programming language.
What’s new in TrickBot? Deobfuscating elements - TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. October 2018 marks end of the second year since TrickBot’s appearance. Possibly the authors decided to celebrate the anniversary by a makeover of some significant elements of the core. This post is an analysis of the updated obfuscation used by TrickBot’s main module.

Select your language