Buran Ransomware Targets German Organisations through Malicious Spam Campaign

Introduction. As of October 2019, commodity ransomware campaigns conducted by financially motivated threat actors pose a significant threat to organisations. The three distinguishing characteristics of such campaigns are: first, they are usually high vo…

An Analysis of L0rdix RAT, Panel and Builder

L0rdix is a multipurpose remote access tool (RAT) that was first discovered being sold on underground criminal forums in November 2018. Shortly after its discovery, Ben Hunter of enSilo analysed the RAT’s functionality. Although L0rdix’s author s…

Congratulations, You’ve Won a Meterpreter Shell

Posted by Josh Stroschein, Ratnesh Pandey and Alex Holland. For an attack to succeed undetected, attackers need to limit the creation of file and network artifacts by their malware. In this post, we analyse an attack that illustrates two popular tactic…

Tricks and COMfoolery: How Ursnif Evades Detection

Ursnif is one of the main threats that is effectively evading detection right now (at publication). The dropper uses a COM technique to hide its process parentage. WMI is used to bypass a Windows Defender attack surface reduction rule. Fast evolution of d…