This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals. Read More HERE…
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware. Read More HERE…
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. Read More HERE…
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content. Read More HERE…
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection. Read More HERE…
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. Read More HERE…
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques. Read More HERE…
Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell. Read More HERE…
We analyzed five major types of email channels, and the techniques in keywords and domain names BEC actors use to appear legitimate to potential victims. Read More HERE…
In 2019, we wrote a blog entry about a threat actor, known as APT-C-36 or Blind Eagle, targeting entities in Colombia and other South American countries with spam emails. We have continued tracking this threat actor and share our new findings about APT-C-36’s ongoing spam campaign during that monitoring phase. Read More HERE…