GReAT – Page 8 – WindowsTechs.com

APT trends report Q3 2020

Posted on November 3, 2020 by GReAT

For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020. Continue reading APT trends report Q3 2020→

Why master YARA: from routine to extreme threat hunting cases. Follow-up

Posted on September 29, 2020 by GReAT

On 3rd of September, we were hosting our webinar, in which we shared best practices on YARA usage. Due to timing restrictions we were not able to answer all the questions, therefore we’re trying to answer them here. Continue reading Why master YARA: from routine to extreme threat hunting cases. Follow-up→

An overview of targeted attacks and APTs on Linux

Posted on September 10, 2020 by GReAT

Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux… Read Full Article Continue reading An overview of targeted attacks and APTs on Linux→

APT trends report Q2 2020

Posted on July 29, 2020 by GReAT

This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020. Continue reading APT trends report Q2 2020→

MATA: Multi-platform targeted malware framework

Posted on July 22, 2020 by GReAT

The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems. Continue reading MATA: Multi-platform targeted malware framework→

GReAT Ideas follow-up

Posted on July 15, 2020 by GReAT

The two hours of our first “GReAT Ideas. Powered by SAS” session were not enough for answering all of the questions raised, therefore we try to answer them below. Continue reading GReAT Ideas follow-up→

The Tetrade: Brazilian banking malware goes global

Posted on July 14, 2020 by GReAT

This article is a deep dive intended for a complete understanding of these four banking trojan families: Guildma, Javali, Melcoz and Grandoreiro, as they expand abroad, targeting users not just in Brazil, but in the wider Latin America and Europe. Continue reading The Tetrade: Brazilian banking malware goes global→

Cycldek: Bridging the (air) gap

Posted on June 3, 2020 by GReAT

While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. Continue reading Cycldek: Bridging the (air) gap→

COMpfun authors spoof visa application with HTTP status-based Trojan

Posted on May 14, 2020 by GReAT

In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun. Continue reading COMpfun authors spoof visa application with HTTP status-based Trojan→

Naikon’s Aria

Posted on May 8, 2020 by GReAT

Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. Continue reading Naikon’s Aria→