Channel: Labs Blog – Lastline
Browsing latest articles
Browse All 70 View Live

Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent...

Executive Summary: While reviewing some network anomalies, we recently uncovered Cold River, a sophisticated threat actor making malicious use of DNS tunneling for command and control activities. We...

Reporting from Security Analyst Summit 2019

By Quentin Fois and Stefano Ortolani. We are just back from Singapore, where we attended the Security Analyst Summit organized by Kaspersky Lab. Believe us, it was a blast! Inspiring talks and perfect...

LockerGoga: When Ransomware Strikes Back

Ransomware attacks have made the headlines multiple times in the course of recent years. LockerGoga is yet another example. The malware disrupted the operation of a number of organizations (some...

HELO Winnti: Attack or Scan?

Since its first attack was discovered nearly a decade ago, Winnti has evolved into an advanced and sophisticated toolkit leveraged by several actors such as APT17, Axiom, Barium, and PassCV, just to...

Threat Research Report: Infostealers and self-compiling droppers set loose by...

Thanks to massive botnets, attackers can generate large-scale spam campaigns on-demand and immediately use them to spread malware. While digging through some recent spam campaigns that we have...

Nemty Ransomware Scaling UP: APAC Mailboxes Swarmed by Dual Downloaders

Nemty is a ransomware that first surfaced in the wild in August 2019, reportedly spreading via RDP with a specific focus on the APAC region. By the end of November 2019 the attack expanded its reach...

IQY files and Paradise Ransomware

IQY files, perhaps one of the less known of the weaponizable Microsoft Office file formats, provide attackers with a simple way to infiltrate a network. We have intercepted a campaign that leverages...

InfoStealers Weaponizing COVID-19

Coronavirus, or COVID-19, continues to dominate the headlines and the cybersecurity landscape. The contagion has sadly infected over 3 million people globally, and nearly 250,000 people have died at...

Phishing in The Time of Pandemic

Introduction: The pandemic has put people on alert. Google Trends indicates that searches for COVID-19-related keywords have been increasing dramatically during the past few months. Numerous news and...

Evolution of Excel 4.0 Macro Weaponization

Abstract: Excel 4.0 (XL4) macros are becoming increasingly popular with attackers, as security vendors struggle to play catch-up and detect them properly. This technique provides attackers a simple and...
