Collaborate Disseminate
New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. Continue reading ToddyCat: Keep calm and check logs
For those unfamiliar with the sport of mountain biking, it’s a wild hobby that is rife with hacking. It started in the early 70s when the first dedicated mountain bikers …read more Continue reading $800 Mountain Bike Seat Post Chopped In Two
ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. Continue reading APT ToddyCat
I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper“: Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar
The post [SANS ISC] More Undetected PowerShell Dropper appeared first on /dev/random.
Continue reading [SANS ISC] More Undetected PowerShell Dropper
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor. Continue reading GhostEmperor: From ProxyLogon to kernel mode
Despite its diminutive proportions, the thrust to weight ratio of the DJI Mini 2 is high enough that it can carry a considerable amount of baggage. So it’s no surprise …read more Continue reading LED Hack Teaches DJI Mini 2 Drone New Tricks
Recent spearphishing emails spread the Hackbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper. Continue reading Hackbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments
Researchers say incidents of mobile malware are becoming more common and growing more sophisticated. Continue reading ‘Black Rose Lucy’ is Back, Now Pushing Ransomware
The tricky trojan has evolved again, to stay a step ahead of defenders. Continue reading TrickBot Adds ActiveX Control, Hides Dropper in Images