TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT
Browsing CategoryAdvanced Persistent Threat
DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
New threat intelligence on the ever-expanding toolset of North Korean APT Hidden Cobra (Lazarus) including IoCs for RATs, beacons, persistence and more.
Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader
Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.
FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals
Vitali Kremez diving into the FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.