Tag: Osman Demir

In a Quest for Dridex Malware

To reach their evil goals, hackers are sending waves of malspam to targeted victims. Numerous strains of Dridex malware flatten out institutions and customers of the financial sector, and a new iteration of Dridex attack was noticed again after a period of inactivity earlier this month, Unit 42 reports. About Dridex Attacks First malspam attacks […]

Read More
Economic Espionage Campaign by TA413

The use of COVID19 related lures is already perceived as common practice among both financially motivated groups and state-sponsored cyber espionage units. Researchers released a report last week about another group that has been using COVID19 themed phishing emails for six months to deliver their new tool. Yes, we are talking about the Chinese APT […]

Read More
Snatch Ransomware Attack Detection

Ransomware continues to be one of the most serious threats to corporate networks, and Snatch ransomware is one of the most annoying “guests” that emerged relatively recently. The first infections were recorded about two years ago, but serious attacks on organizations began only in April 2019, and since then, the appetites and skills of the […]

Read More
New QakBot Techniques

The QBot banking Trojan that is also known as Qakbot or Pinkslipbot has been known to cybersecurity researchers since 2008, and it keeps tricking the business with emerging campaigns demonstrating its elaborated stealth capabilities. Another phishing campaign delivering the malicious document has attracted the researchers’ attention. The latest QakBot attack is notable for delivering a […]

Read More
Threat Hunting Rules: PurpleWave Infostealer

Another Infostealer with backdoor functions was discovered in late July. Malware authors advertise it on Russian cybercrime forums and sell various modifications of the utility at an affordable price. New Infostealer is written in C++ and was dubbed PurpleWave by its authors.  The malware can perform a number of malicious actions of a hacker’s choice […]

Read More
Detection Content: Mekotio Banking Trojan

Mekotio is one more Latin American banking trojan that is targeted at users mainly in Brazil, Mexico, Spain, Chile, Peru, and Portugal. This is persistent malware that is distributed via phishing emails and ensures persistence either by creating an LNK file in the startup folder or using a Run key. It is capable of stealing […]

Read More
Threat Hunting Rules: Water Nue Phishing Campaign

In today’s news, we want to warn you about the ongoing campaign by Water Nue targeting the business Office 365 accounts in the US and Canada. Notably, the fraudsters successfully reached a number of high-level managers in companies worldwide and harvested over 800 sets of credentials. Although their phishing toolset is limited, they do not […]

Read More
Rule of the Week: VHD Ransomware Detection

We believe that today we deservedly give the Rule of the Week title to the exclusive Sigma rule developed by Osman Demir to enable detection of VHD ransomware: https://tdm.socprime.com/tdm/info/jxteY8ELY6Yd/BwSPn3MBPeJ4_8xcn22h/?p=1  The first attacks using this ransomware strain began in March 2020, and only recently researchers have linked them to the Lazarus APT. This was facilitated by […]

Read More
Detection Content: MATA Multi-platform malware framework by Lazarus APT

Last week, researchers reported on the latest notorious Lazarus APT tool, which has been used in the group’s attacks since spring 2018. Their new ‘toy’ was named MATA, it is a modular cross-platform framework with several components including a loader, orchestrator, and multiple plugins that can be used to infect Windows, Linux, and macOS systems. […]

Read More
Threat Hunting Rules: Golden Chickens MaaS

As you know, Malware-as-a-Service (MaaS) is a business that has already become commonplace and runs on the underground forums and black markets offering an array of services. The first attacks using Golden Chickens MaaS began back in 2017, and the Cobalt group was among their first “clients”. The success of this project heavily relies on […]

Read More