Inside a TrickBot Cobalt Strike Attack Server
Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.
Read More
Valak Malware and the Connection to Gozi Loader ConfCrew
Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.
Read More
NetWalker Ransomware: No Respite, No English Required
NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.
Read More
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.
Read More
Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.
Read More
IcedID Botnet | The Iceman Goes Phishing for US Tax Returns
In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.
Read More
Maze Ransomware Update: Extorting and Exposing Victims
Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.
Read More
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.
Read More
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.
Read More
New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
The ransomware crime spree continues with threat actors increasingly turning to Golang as their language of choice. New entrant Snake is just the latest.
Read More