During the last weeks of January (2018), nation state actors from Lotus
Blossom conducted a targeted malspam campaign against the Association of
Southeast Asian Nations (ASEAN) countries. Just months after the APT32
watering hole activity against ASE...
During the week following the Orthodox New Year (January 14, 2018), the
Necurs botnet re-emerged on the scene with a malspam campaign spreading
an old friend, the Dridex banking trojan. This activity was first
identified by a Forcepoint Labs report, ...
During the last several weeks of 2017 and now well into early 2018, RSA
FirstWatch has observed a malspam campaign delivering njRAT, a robust
and publicly available remote administration tool (RAT) with
capabilities for remote desktop, file manager, ...
Just in time for the holiday season, a new Monero cryptocurrency mining
campaign has kicked off during the first weeks of December. Unlike the
plethora of other mining malware thus far in 2017, this new campaign is
a sophisticated multi-staged attack...
During the month of October, and there’s been a disturbance in the
force… the growing presence of a new Internet of Things (IoT) botnet,
dubbed ‘Reaper’. Initial research published by Checkpoint and Qihoo
indicates that the IoT Reaper botnet may have...
Another #Dridex sample from today... thanks @Ring0x0
https://www.hybrid-analysis.com/sample/2396ac9e2b1b119050f67fd7a5382e8ba018427ab76ac0a969eefb08c537f089?environmentId=10…
ANY.RUN
FirstWatch would like to the benefit of behavior driven
parsers such as this, and agree that unsolicited HTTP POSTs have long
carried a slew of exploit attempts. Specific to the #ZEALOT campaign, we
observed these via powershell, wget, curl, cmd, an...
