Malspam activity was observed on February 11th delivering a Keybase
variant. The keylogger was first reported by security researchers at
Palo Alto Networks in 2015. FirstWatch previously blogged about how to
detect it using RSA NetWitness. The delive...
Malspam activity was observed on February 13th delivering a variant of
ISR password stealer. ISR was reportedly used in spear phishing attacks
against food and machine industries. In this blog post we will discuss
the network activity using RSA NetWi...
Malspam was observed on February 7th 2017 delivering GandCrab
ransomware. GandCrab is a new ransomware family that was first reported
in late January. This is the first time to see it being distributed via
a malspam campaign [1]. This screenshot from...
This week RSA FirstWatch observed a new malspam campaign delivering
Hancitor malware. Hancitor is a downloader that was used by adversaries
to deliver various malware families such as Pony and Zeus Panda Banker.
Contrary to previous malspam campaigns...
Malspam was observed on January 12th 2018 delivering Ursnif (AKA Gozi).
Ursnif is a Banking Trojan that was discovered in 2007. Originally it
was targeting banking wire systems in English speaking countries. In the
past decade, its list of target cou...
