Tag: Malware

New QRAT Variant Distributed via Trump-themed Spam Campaign

Cyber-criminals constantly take advantage of the “hottest” media topics to lure victims and infect them with malware. This time, the attackers decided to profit from the increased attention to the most recent US presidential election and launched a Donald Trump-themed spam campaign. The final goal of this operation is to distribute the latest variant of the QRAT Trojan, […]

New Credential Stealer Banking Malware Attacks the US and Canada

The banking sector has always been an attractive target for cyber-criminals. After Zeus and Gozi emerged in 2007, prominent banking Trojans regularly made the headlines by emptying customers’ accounts. Recently, security researchers have spotted yet another member of the financial malware family. This time the campaign is aimed at the US and Canadian banking […]

Detection Content: LokiBot Detector

In today’s post, we want to remind our readers about the LokiBot infostealer, which provides a backdoor into the victim’s Windows OS and enables fraudsters to steal sensitive data and even deploy additional payloads. LokiBot reaches victims via malspam campaigns that often masquerade as a trusted sender and carry an attached document luring the […]

DanaBot targets Europe

Delaware, USA – June 21, 2019 – Another phishing campaign with the upgraded DanaBot trojan is reported to target Poland and Italy. The new DanaBot strain comes with a Blitzkrieg ransomware module that changes the extension of the encrypted files to .non. Initially, the DanaBot malware was observed during a phishing campaign in Australia back […]

Production of ASCO Stymied by Ransomware

Delaware, USA – June 18, 2019 – One of the leading manufacturers of airplane parts is reported to have shut down operations at its plants because of a large-scale ransomware attack. Asco Industries, the leader in the design and manufacture of major functional components for Boeing and Airbus commercial passenger jets, the Airbus A400M […]

Refreshed Mirai Noticed

Delaware, USA – April 10, 2019 – Researchers from Palo Alto Networks Unit 24 published a report stating that a strain of Mirai malware compiled to target Xilinx MicroBlaze, Altera Nios II, Tensilica Xtensa and OpenRISC processors is in the wild. Along with the newly gained ability to target systems such as digital signal processors, […]

Hoya Corp Focalizes Cryptojacking Attempt

Delaware, USA – April 9, 2019 – Hoya Corporation, the largest optical products manufacturer, suffered a cyber attack that infected more than 100 computers, compromised users’ credentials and attempted to gain a foothold for cryptocurrency mining, The Japan Times reports. The server controlling the network was brought down on March 1, and order processing and production […]

Petya.A / NotPetya is an AI-powered cyber weapon, TTPs lead to Sandworm APT group

It’s been a hot summer for the security industry: in less than a week, what was initially suspected to be the Petya.A ransomware has turned out to be much more than meets the eye. Security researchers around the world have rightfully dubbed it NotPetya and EternalPetya, as the malware was never meant to ask for ransom – it was […]

WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules

Good news everyone! After a rather long day, night and morning of studying the news, researching and hunting the #WannaCry ransomware worm, there are some discoveries to share. These include host and network IOCs, their analysis obtained with the help of fellow security researchers and practitioners, and a review of the C2 infrastructure and its interactions with Tor. Last but not least are some free SIEM use cases that […]
