Masked in Memory: A Hidden .PYC fragment utilises cvtres.exe to communicate with C&C - K7 Labs
During a routine analysis at K7 Labs, we encountered a Python-based malware sample that uses multi-stage obfuscation. The de-obfuscated result […]
New HijackLoader Evasion Tactics | ThreatLabz
Learn how HijackLoader has introduced call stack spoofing and new modules to improve its evasion and anti-analysis capabilities.
Hybrid Analysis Blog: New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers
Author(s): Vlad Pasca New advanced stealer analyzed though Hybrid Analysis and named 'SHUYAL' Hybrid Analysis report reveals the stealer c...
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation.
Technical Analysis of TransferLoader | ThreatLabz
TransferLoader is a new malware family with sophisticated anti-analysis techniques that deploys embedded payloads that include a downloader, backdoor, and ransomware.
10 Things I Hate About Attribution: RomCom vs. TransferLoader | Proofpoint US
Threat Research would like to acknowledge and thank the Paranoids, Spur, and Pim Trouerbach for their collaboration to identify, track, and disrupt this activity. Key takeaways
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Mind the (air) gap: GoldenJackal gooses government guardrails
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.
LummaC2: Obfuscation Through Indirect Control Flow | Google Cloud Blog
Analysis of malware samples using a technique to thwart all binary analysis tools, and hinder reverse engineering efforts.
blog | The public blog of Santander Cyber Security Research
The public blog of Santander Cyber Security Research
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs
Elastic Security Labs identified a novel Windows backdoor leveraging the Background Intelligent Transfer Service (BITS) for C2. This malware was found during a recent activity group tracked as REF8747.
CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Trend Micro (US)
DodgeBox | ThreatLabz
Part 1 | ThreatLabz uncovers new tooling from APT41 including DodgeBox, which uses advanced evasion techniques to deploy the MoonWalk backdoor that leverages Google Drive