Thanos Ransomware has developed rapidly over the last 6 months, offering a customized RaaS tool with an expanding feature set to build unique payloads.
Inside a TrickBot Cobalt Strike Attack Server
Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.
A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.
Valak Malware and the Connection to Gozi Loader ConfCrew
Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.
NetWalker Ransomware: No Respite, No English Required
NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.
Sarwent Malware Continues to Evolve With Updated Command Functions
Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.
The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.
Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.
IcedID Botnet | The Iceman Goes Phishing for US Tax Returns
In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.