Browsing CategoryCrimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Crimeware

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.

Crimeware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.

Crimeware

Maze Ransomware Update: Extorting and Exposing Victims

Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Crimeware

New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware

The ransomware crime spree continues with threat actors increasingly turning to Golang as their language of choice. New entrant Snake is just the latest.

Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

SentinelLabs developed mock command-and-control panels to allow the institutions to utilize them for testing detections related to “PowerTrick”

Crimeware

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Crimeware

Writing Malware Traffic Decrypters for ISFB/Ursnif

Daniel Bunce explains how to decrypt traffic between an attacker’s C2 and an endpoint infected with ISFB malware

️ IoT Devices That Are Susceptible to Hacking. Let’s start by identifying the devices that pose the greatest risk… https://t.co/VtHp4gwx9I53 minutes ago
Verizon's 2020 DBIR report contains a wealth of information for CISOs. We break it down and offer you the essenti… https://t.co/MB6XrCO6SZabout 1 hour ago
How to fight a virus: Lessons from cybersecurity | By @GutmanYotam https://t.co/902tAGeNAq #perspective… https://t.co/hkVIrY9UMG3 hours ago
#Webinar | Hear from a real-life use case where Kivu Consulting shares how it stood up a highly automated and effic… https://t.co/5JGOmjNsOb3 hours ago

0 / 53

Browsing CategoryCrimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

Maze Ransomware Update: Extorting and Exposing Victims

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation

New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware

Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Writing Malware Traffic Decrypters for ISFB/Ursnif

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration