Aside from Dridex, Agent Tesla is the most widely used malware currently targeting businesses. We review its core functionality and latest adaptations.
Browsing CategoryCrimeware
WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
WastedLocker is a relatively new ransomware that has been attacking high-value targets across numerous industries, including several Fortune 500 companies.
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.
Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set
Thanos Ransomware has developed rapidly over the last 6 months, offering a customized RaaS tool with an expanding feature set to build unique payloads.
Inside a TrickBot Cobalt Strike Attack Server
Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.
Valak Malware and the Connection to Gozi Loader ConfCrew
Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.
NetWalker Ransomware: No Respite, No English Required
NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.
Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.
IcedID Botnet | The Iceman Goes Phishing for US Tax Returns
In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.