From Wiper to Ransomware | The Evolution of Agrius
New threat actor Agrius engages in espionage and destructive attacks, masquerades as ransomware with custom backdoor, wiper and malware.
Read More
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
A newly-discovered NTLM relay attack makes every Windows system vulnerable to an escalation of privileges attack, and there’s no patch in sight.
Read More
A Deep Dive into Zebrocy’s Dropper Docs
A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.
Read More
APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.
Read More
Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.
Read More
Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT
The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group
Read More