At the end of April and the first week of March, we realized that cyberattacks do not rest, recently the Cybereason Nocturnus team responded to several incident response (IR) cases involving Prometei Botnet infections against companies in North America
For more articles, check out our #onpatrol4malware blog.
Emotet malware nukes itself today from all infected computers worldwide
Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. Read more.
Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities
Recently, the Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America. Read more.
APT trends report Q1 2021 APT REPORTS
Source: Secure List
For four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. Read more.
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
Source: Malicious Life
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Read more.
RM3 – Curiosities of the wildest banking malware
Source: Fox It
Despite its long and rich history in the cyber-criminal underworld, the Gozi malware family is surrounded by mystery and confusion. The leaking of its source code only increased this confusion as it led to an influx of Gozi variants across the threat landscape. Read more.
Lazarus Group Recruitment: Threat Hunters vs Head Hunters
At the end of September 2020, Positive Technologies Expert Security Center (PT Expert Security Center, PT ESC) was involved in the investigation of an incident in one of the largest pharmaceutical companies. Read more.
CISA Releases Analysis Reports on New FiveHands Ransomware
CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. Read more.
Unit180 (Lazarus) targets Japan
In this particular blog, I will walk you through the internals of two malware “single” and “ValeforBeta” used by Unit180 in targeted hacking operations against Japan as the hacking operations were done. Read more.
Pingback: Backdoor At The End Of The ICMP Tunnel
In this post, we analyze a piece of malware that we encountered during a recent breach investigation. What caught our attention was how the malware achieved persistence. Read more.