Malware Technologies – Page 14

DarkHalo after SolarWinds: the Tomiris connection

Posted on September 29, 2021 by Ivan Kwiatkowski, Pierre Delcher

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar. Continue reading DarkHalo after SolarWinds: the Tomiris connection→

FinSpy: unseen findings

Posted on September 28, 2021 by GReAT

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset, we has been tracking deployments of this spyware since 2011. In the report we decided to share some of our unseen findings about the actual state of FinSpy implants. Continue reading FinSpy: unseen findings→

Detection evasion in CLR and tips on how to detect such attacks

Posted on September 21, 2021 by Alexander Rodchenko

In this article we demonstrate a detection evasion technique using CLR that may be useful for penetration testing as well as a couple of tips for SOCs to help detect such attacks. Continue reading Detection evasion in CLR and tips on how to detect such attacks→

Detection evasion in CLR and tips on how to detect such attacks

Posted on September 21, 2021 by Alexander Rodchenko

QakBot technical analysis

Posted on September 2, 2021 by Anton Kuzmenko, Oleg Kupreev, Haim Zigel

This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules. Continue reading QakBot technical analysis→

Triada Trojan in WhatsApp MOD

Posted on August 24, 2021 by Igor Golovin

We discovered that the Trojan Triada snook into one of modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK). Continue reading Triada Trojan in WhatsApp MOD→

IT threat evolution Q2 2021

Posted on August 12, 2021 by David Emm

Ferocious Kitten, TunnelSnake, PuzzleMaker and other threat actors, zero-day vulnerabilities, ransomware and banking Trojans – check out our review of Q2 2021. Continue reading IT threat evolution Q2 2021→

LuminousMoth APT: Sweeping attacks for the chosen few

Posted on July 14, 2021 by Mark Lechtik, Paul Rascagneres, Aseel Kayal

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda. Continue reading LuminousMoth APT: Sweeping attacks for the chosen few→

Malicious spam campaigns delivering banking Trojans

Posted on June 24, 2021 by Anton Kuzmenko

In mid-March 2021, we observed two new spam campaigns delivering banking Trojans. The payload in most cases was IcedID, but we have also seen a few QBot (aka QakBot) samples. Continue reading Malicious spam campaigns delivering banking Trojans→

Black Kingdom ransomware

Posted on June 17, 2021 by Marc Rivero

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). Continue reading Black Kingdom ransomware→