Malware

Kimsuky APT continues to target South Korean government using AppleSeed backdoor - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.

Malware | Threat analysis

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

June 1, 2021 - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.

Read more
Aurora campaign: Attacking Azerbaijan using multiple RATs - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.

Malware | Threat analysis

Aurora campaign: Attacking Azerbaijan using multiple RATs

April 6, 2021 - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.

Read more
Cleaning up after Emotet: the law enforcement file - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Malware | Threat analysis

Cleaning up after Emotet: the law enforcement file

January 29, 2021 - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Read more
German users targeted with Gootkit banker or REvil ransomware - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Malware | Threat analysis

German users targeted with Gootkit banker or REvil ransomware

November 30, 2020 - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Read more
Release the Kraken: Fileless injection into Windows Error Reporting service - We discovered a new attack that injected its payload—dubbed

Malware | Malwarebytes news | Threat analysis

Release the Kraken: Fileless injection into Windows Error Reporting service

October 6, 2020 - We discovered a new attack that injected its payload—dubbed "Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism.

Read more
Malspam campaign caught using GuLoader after service relaunch - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch

Malware | Threat analysis

Malspam campaign caught using GuLoader after service relaunch

July 30, 2020 - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch

Read more
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Malware | Threat analysis

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

June 17, 2020 - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.

Read more
New LNK attack tied to Higaisa APT discovered - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Malware | Threat analysis

New LNK attack tied to Higaisa APT discovered

June 4, 2020 - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.

Read more
Shining a light on “Silent Night” Zloader/Zbot - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Malware | Threat analysis

Shining a light on “Silent Night” Zloader/Zbot

May 21, 2020 - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

Read more

Select your language