New OpcJacker Malware Distributed via Fake VPN Malvertising

Credit to Author: Jaromir Horejsi| Date: Wed, 29 Mar 2023 00:00:00 +0000

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

Read more

Emotet Returns, Now Adopts Binary Padding for Evasion

Credit to Author: Ian Kenefick| Date: Mon, 13 Mar 2023 00:00:00 +0000

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails.

Read more

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Credit to Author: Ryan Soliven| Date: Thu, 02 Mar 2023 00:00:00 +0000

Find out how the Managed XDR team uncovered RedLine Stealer’s evasive spear-phishing campaign that targets the hospitality industry.

Read more

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Credit to Author: Daniel Lunghi| Date: Wed, 01 Mar 2023 00:00:00 +0000

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Read more

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Credit to Author: Buddy Tancio| Date: Fri, 24 Feb 2023 00:00:00 +0000

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

Read more

Earth Zhulong: Familiar Patterns Target Southeast Asian Firms

Credit to Author: Ted Lee| Date: Wed, 08 Feb 2023 00:00:00 +0000

In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Asian firms similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on their misdeeds.

Read more

Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns

Credit to Author: Hara Hiroaki| Date: Thu, 16 Feb 2023 00:00:00 +0000

We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.

Read more