Crimeware

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Crimeware

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Jim Walter / August 23, 2021

Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.

Crimeware

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Idan Weizman / July 8, 2021

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Crimeware

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

Marco Figueroa / June 24, 2021

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Crimeware

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Antonio Pirozzi / June 16, 2021

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.

Crimeware

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

Marco Figueroa / May 20, 2021

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

Crimeware

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

Jim Walter / April 1, 2021

Unbreakable encryption, a data leak site and threats of DDoS attacks, Avaddon has all the tricks of a modern RaaS. And now version 2 is on the way.

Crimeware

HelloKitty Ransomware Lacks Stealth, But Still Strikes Home

Jim Walter / March 8, 2021

HelloKitty lacks the stealth of Ryuk, REvil and Conti, but has still struck some notable targets, including CEMIGO. Ransomware overview and IoCs here.

Crimeware

Zeoticus 2.0 | Ransomware With No C2 Required

Jim Walter / February 3, 2021

Zeoticus is a Windows-specific ransomware that can execute fully offline with no callback to a C2, making network activity detection rules redundant.

Crimeware

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Mike Dvorkin / January 7, 2021

Adware infections may appear unremarkable at first, but in this example incident analysis we demonstrate their growing sophistication and risk.

Category

Crimeware

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

HelloKitty Ransomware Lacks Stealth, But Still Strikes Home

Zeoticus 2.0 | Ransomware With No C2 Required

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game