At the end of April and in the first week of May we were reminded that cyberattacks do not rest: among other events, the Cybereason Nocturnus team responded to several incident response (IR) cases involving Prometei botnet infections at companies in North America.

For more articles, check out our #onpatrol4malware blog.

Emotet malware nukes itself today from all infected computers worldwide

Source: BleepingComputer

Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. Read more.

Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

Source: Malicious Life

Recently, the Cybereason Nocturnus Team responded to several incident response (IR) cases involving Prometei botnet infections at companies in North America. Read more.

APT trends report Q1 2021

Source: Securelist

For four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. Read more.

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

Source: Malicious Life

The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Read more.

RM3 – Curiosities of the wildest banking malware

Source: Fox-IT

Despite its long and rich history in the cyber-criminal underworld, the Gozi malware family is surrounded by mystery and confusion. The leaking of its source code only increased this confusion as it led to an influx of Gozi variants across the threat landscape. Read more.

Lazarus Group Recruitment: Threat Hunters vs Head Hunters

Source: PT Security

At the end of September 2020, Positive Technologies Expert Security Center (PT Expert Security Center, PT ESC) was involved in the investigation of an incident in one of the largest pharmaceutical companies. Read more.

CISA Releases Analysis Reports on New FiveHands Ransomware

Source: CISA

CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands. Read more.

Unit180 (Lazarus) targets Japan

Source: 0xthreatintel

In this particular blog, I will walk you through the internals of two malware families, “single” and “ValeforBeta”, used by Unit180 in targeted hacking operations against Japan. Read more.

Pingback: Backdoor At The End Of The ICMP Tunnel

Source: TrustWave

In this post, we analyze a piece of malware that we encountered during a recent breach investigation. What caught our attention was how the malware achieved persistence. Read more.

Catching RATs Over Custom Protocols

Source: Zscaler

Adversaries generally use Standard Application Layer Protocols for communication between malware and command and control (C&C) servers. Read more.