QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal

Morphisec Labs has tracked a massive maldoc campaign delivering the QakBot/QBot banking trojan, starting earlier this month. Qakbot leverages advanced techniques to evade detection and hamper manual analysis of the threat. In this post we will men…

Morphisec Knowledge Update: New WastedLocker Ransomware Causes Havoc Among Some of the Leading Enterprises in the U.S.

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days,…

How COVID-19 Has Altered the Enterprise Cyberattack Landscape

Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboratio…

Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets, excluding any IP address within …

CrystalBit / Apple Double DLL Hijack — From fraudulent software bundle downloads to an evasive miner raging campaign

As part of the rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the shift in the attack landscape. This has included the evolution of adware, PUA, and fraudulent software bundle delivery beyo…

Lokibot with AutoIt Obfuscator + Frenchy Shellcode

Summary
During the first week of March, Morphisec intercepted and prevented an advanced Lokibot delivery campaign against some of its customers in the financial sector. While Lokibot has lately been reported to be delivered via impersonation of a kno…

ConnectWise Control Abused Again to Deliver Zeppelin Ransomware

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.