Collaborate Disseminate
Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government. Continue reading Russian Espionage Group Updates Custom Malware Suite
The custom RAT offers persistent access, data exfiltration and lateral network movement. Continue reading TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection. Continue reading TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
Researchers believe the threat group is based in China. Continue reading Calypso APT Emerges from the Shadows to Target Governments
One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs. Continue reading Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web
The Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy. Continue reading Zebrocy: A Russian APT Specializing in Victim Profiling, Access
A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew’s proprietary code. Continue reading New APT Could Signal Reemergence of Notorious Comment Crew
When we recently analyzed payloads related to Hidden Bee (dropped by the Underminer EK), we noticed something unusual. After reversing the malware, we discovered that its authors actually created their own executable format. Follow our step-by-ste… Continue reading Reversing malware in a custom format: Hidden Bee elements