New OpcJacker Malware Distributed via Fake VPN Malvertising

Credit to Author: Jaromir Horejsi| Date: Wed, 29 Mar 2023 00:00:00 +0000

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

Read more

Pack it Secretly: Earth Preta’s Updated Stealthy Strategies

Credit to Author: Vickie Su| Date: Thu, 23 Mar 2023 00:00:00 +0000

After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the other tools and malware used by the threat actor.

Read more

Emotet Returns, Now Adopts Binary Padding for Evasion

Credit to Author: Ian Kenefick| Date: Mon, 13 Mar 2023 00:00:00 +0000

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails.

Read more

Examining Ransomware Payments From a Data-Science Lens

Credit to Author: Vladimir Kropotov| Date: Thu, 09 Mar 2023 00:00:00 +0000

In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups’ ransom transactions, as detailed in our joint research with Waratah Analytics, “What Decision-Makers Need to Know About Ransomware Risk.”

Read more

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

Credit to Author: Vladimir Kropotov| Date: Thu, 02 Mar 2023 00:00:00 +0000

In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups’ targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”

Read more

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Credit to Author: Ryan Soliven| Date: Thu, 02 Mar 2023 00:00:00 +0000

Find out how the Managed XDR team uncovered RedLine Stealer’s evasive spear-phishing campaign that targets the hospitality industry.

Read more

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Credit to Author: Buddy Tancio| Date: Fri, 24 Feb 2023 00:00:00 +0000

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

Read more

Royal Ransomware expands attacks by targeting Linux ESXi servers

Credit to Author: Nathaniel Morales| Date: Mon, 20 Feb 2023 00:00:00 +0000

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog.

Read more