Labs

A Click From The Backyard   Analysis Of CVE 2020 9332 A USB Redirection Software Privilege Escalation 3

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

Read More
Valak Malware And The Connection To Gozi Loader ConfCrew 1

Valak Malware and the Connection to Gozi Loader ConfCrew

Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.

Read More
NetWalker Ransomware Update   No Respite No English Required 2

NetWalker Ransomware: No Respite, No English Required

NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.

Read More
Sarwent Malware Continues To Evolve With Updated Command Functions 6

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Read More
Deep Dive Into TrickBot Executor Module “mexec”  Reversing The Dropper Variant 7

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Read More
The Anatomy Of An APT Attack And CobaltStrike Beacon’s Encoded Configuration 3

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration

Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.

Read More
Technical Overview Of NEMTY Successor Nefilim Nephilim Ransomware 4

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.

Read More
ICEID Botnet The Iceman Goes Phishing 9

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.

Read More
Maze Ransomware Update  Extorting And Exposing Victims 2

Maze Ransomware Update: Extorting and Exposing Victims

Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.

Read More
Deep Dive Into TrickBot Executor Module Mexec Hidden Anchor Bot Nexus Operations 4

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Read More