Crimeware

Who Needs Macros Threat Actors Pivot To Abusing Explorer And Other LOLBins Via Windows Shortcuts 6

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts 

Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.

Read More
LockBit 3.0 Update Unpicking The Ransomwares Latest Anti Analysis And Evasion Techniques 5

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.

Read More
CrateDepression Rust Supply Chain Attack Infects Cloud CI Pipelines With Go Malware 1

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Read More
LockBit Ransomware Side Loads Cobalt Strike Beacon With Legitimate VMware Utility 4

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

Read More
Nokoyawa Ransomware New KarmaNemty Variant Wears Thin Disguise 5

Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise

Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.

Read More
SanctionsBeDamnedFromDridexToMacawTheEvolutionOfEvilCorp 3

Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp

What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?

Read More
BlackCat Ransomware Highly Configurable Rust Driven RaaS On The Prowl For Victims 6

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.

Read More
New Rook Ransomware Feeds Off The Code Of Babuk 7

New Rook Ransomware Feeds Off the Code of Babuk

Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.

Read More
Spook Ransomware Prometheus Derivative Names Those That Pay Shames Those That Dont 6

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Read More
Karma Ransomware An Emerging Threat With A Hint Of JSWorm Pedigree 6

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Read More