Tag: Threat Analysis
-
Scarab ransomware: new variant changes tactics
The Scarab ransomware was discovered in June 2017. Since then, several variants have been created and discovered in the …
-
GandCrab ransomware distributed by RIG and GrandSoft exploit kits
This post was authored by Vasilios Hioueras and Jérôme Segura. Late last week saw the appearance of a new ransomware called GandCrab. …
-
Using ILSpy to analyze a small adware file
My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called …
-
Fake IRS notice delivers customized spying tool
While macro-based documents and scripts make up for the majority of malspam attacks these days, we also see some campaigns that leverage documents embedded with exploits. Case in point, we came across a malicious Microsoft Office file disguised as a CP2000 notice. Read full news article on Malwarebytes Unpacked
-
Explained: YARA rules
YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics. YARA was originally developed by Victor Alvarez of Virustotal and is mainly used in malware research and detection. Read full news article on Malwarebytes Unpacked
-
PSA: New Microsoft Word 0day used in the wild
Microsoft has just patched an important vulnerability in Microsoft Word during its latest patch Tuesday cycle. According to the security firm that found it [1], this new zero-day (CVE-2017-8759) was used in targeted attacks to install a piece of malware known as FinFisher. Read full news article on Malwarebytes Unpacked
-
Expired domain names and malvertising
April 24, 2012 – The fight against malware is a cat-and-mouse game. It is constant and constantly escalating. Read full news article on Malwarebytes Unpacked
-
Locky ransomware adds anti sandbox feature (updated)
By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3, which comes with a malicious ZIP containing .VBS or .JS attachments. Malwarebytes…
-
Cerber ransomware delivered in format of a different order of Magnitude
As a follow up to our study into the Magnitude exploit kit and its gate (which we profiled in a previous blog post), we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is the delivery…