Collaborate Disseminate
Intro:
The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language—a fork of the AutoIt language that is f… Continue reading AHK RAT Loader Used in Unique Delivery Campaigns
Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that our researchers were proud t… Continue reading The Evolution of the FIN7 JSSLoader
An Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, some are independent and some act as a modular part of a lar… Continue reading The introduction of the Jupyter InfoStealer/Backdoor
Morphisec Labs has tracked a massive maldoc campaign delivering the QakBot/QBot banking trojan, starting earlier this month. Qakbot leverages advanced techniques to evade detection and hamper manual analysis of the threat. In this post we will men… Continue reading QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets–excluding any IP address within … Continue reading Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
The Trickbot trojan is one of the most advanced malware delivery vehicles currently in use. Attackers have leveraged it to deliver a wide variety of malicious code, in many different methods. Just yesterday, Bleeping Computer reported that news ar… Continue reading Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
A whopping 186.4 million Americans shopped in stores and online between Black Friday and Cyber Monday this year, according to the National Retail Federation. On average, these shoppers spent $361.90 per person over the five-day Thanksgiving weeken… Continue reading Trickbot Returns in a New eCommerce Shopping Campaign
Last week, a new strain of ransomware hit dozens of targets across Germany. The categorization as ransomware is really a misnomer as, while the attackers do demand a ransom, by that time the victim’s data has already been irreversibly wiped,… Continue reading Threat Alert: GermanWiper
Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family… Continue reading A look at Hworm / Houdini AKA njRAT