Adversary

A newly-discovered NTLM relay attack makes every Windows system vulnerable to an escalation of privileges attack, and there’s no patch in sight.

Adversary

A Deep Dive into Zebrocy’s Dropper Docs

Marco Figueroa / April 19, 2021

A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.

Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Phil Stokes / December 2, 2020

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

Adversary

Case Study: Catching a Human-Operated Maze Ransomware Attack In Action

Jim Walter / August 13, 2020

Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.

Adversary

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT

Vitali Kremez / December 10, 2019

The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group

Category

Adversary

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol

A Deep Dive into Zebrocy’s Dropper Docs

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Case Study: Catching a Human-Operated Maze Ransomware Attack In Action

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT