Threat Intelligence

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

May 16, 2022 - Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany.

Read more

APT34 targets Jordan Government using new Saitama backdoor

May 10, 2022 - A deep dive into a sophisticated attack that used the Saitama backdoor.

Read more

Ransomware: April 2022 review

May 6, 2022 - April 2022 saw the arrival of three new ransomware gangs and the unwelcome return of an old enemy.

Read more

Nigerian Tesla: 419 scammer gone malware distributor unmasked

May 5, 2022 - Scamming, phishing and other data theft is all part of Nigeria Tesla's portfolio.

Read more

Ransomware: March 2022 review

April 11, 2022 - Get the latest information on ransomware trends with our monthly review.

Read more

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

April 5, 2022 - We discovered an interesting trick used by Colibri Loader to survive reboots that takes advantage of a legitimate command in PowerShell.

Read more

New UAC-0056 activity: There’s a Go Elephant in the room

April 1, 2022 - In late March, the cyber espionage group UNC2589 also known as SaintBear launched a spear phishing campaign targeting several entities in Ukraine. In this blog we review this attack and the intended payloads.

Read more

New spear phishing campaign targets Russian dissidents

March 29, 2022 - We've identified a new campaign using a combination of exploits, malicious macros and other lures that is targeted at Russian individuals who may have violated restrictions imposed by the Russian government.

Read more

Double header: IsaacWiper and CaddyWiper

March 18, 2022 - We review two of the latest wipers that have targeted Ukraine recently.

Read more