Tag: Osman Demir

IceRAT Malware Detection: Catch Me If You Can

IceRAT is a relatively new tool in the malicious arena, being a unique strain in regard to its features and unprecedented evasion tactics. Remarkably, the threat has very low detection rates, acting as a stealth malware able to steal sensitive data and financial assets from the targeted machines. What is IceRAT malware? Despite its name, […]

FONIX Ransomware as a Service Detection

Another Ransomware as a Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. Now, this RaaS platform is still under active development, but their first customers are already trying their capabilities. So far, FONIX is quite inconvenient […]

AZORult Trojan Used in Targeted Attacks

Last week, researchers at Zscaler ThreatLabZ released a report on a massive campaign targeting the supply chain and government sectors in the Middle East. Cybercriminals sent phishing emails pretending to be from Abu Dhabi National Oil Company (ADNOC) employees that infected targets with the AZORult Trojan. Campaign Targeted at organizations in the Middle East The […]

Mount Locker Ransomware

Companies worldwide are reported to have fallen victim to the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands ransom payments of millions of dollars in Bitcoin, and the hackers threaten to reveal the encrypted data publicly if the victims refuse to pay the ransom. Mount Locker ransomware activity […]

Dridex Malware Detection: Proactively Defend With SOC Content

Dridex malware has been attacking banks and financial institutions for almost a decade. In 2019, the US Department of Justice brought charges against Russian nationals who were behind the creation of the Dridex malware and led criminal activities that earned them about $100 million. Even back in 2015, Dridex was responsible for roughly $30.5 […]

Economic Espionage Campaign by TA413

The use of COVID-19-related lures is already perceived as common practice among both financially motivated groups and state-sponsored cyber espionage units. Researchers released a report last week about another group that has been using COVID-19-themed phishing emails for six months to deliver their new tool. Yes, we are talking about the Chinese APT […]

Snatch Ransomware Attack Detection

Ransomware continues to be one of the most serious threats to corporate networks, and Snatch ransomware is one of the most annoying “guests” that emerged relatively recently. The first infections were recorded about two years ago, but serious attacks on organizations began only in April 2019, and since then, the appetites and skills of the […]

New QakBot Techniques

The QBot banking Trojan, also known as Qakbot or Pinkslipbot, has been known to cybersecurity researchers since 2008, and it keeps tricking businesses with new campaigns that demonstrate its elaborate stealth capabilities. Another phishing campaign delivering a malicious document has attracted the researchers’ attention. The latest QakBot attack is notable for delivering a […]

Threat Hunting Rules: PurpleWave Infostealer

Another infostealer with backdoor functions was discovered in late July. Malware authors advertise it on Russian cybercrime forums and sell various modifications of the utility at an affordable price. The new infostealer is written in C++ and was dubbed PurpleWave by its authors. The malware can perform a number of malicious actions of a hacker’s choice […]

Detection Content: Mekotio Banking Trojan

Mekotio is one more Latin American banking trojan that targets users mainly in Brazil, Mexico, Spain, Chile, Peru, and Portugal. The malware is distributed via phishing emails and ensures persistence either by creating an LNK file in the Startup folder or by using a Run key. It is capable of stealing […]
