Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

Credit to Author: Eric Avena | Date: Tue, 27 Jul 2021 16:00:17 +0000

A new approach to malware classification combines deep learning with fuzzy hashing. Fuzzy hashes identify similarities among malicious files, and a deep learning methodology inspired by natural language processing (NLP) better identifies the similarities that actually matter, improving detection quality and the scale of deployment.

The post Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques appeared first on Microsoft Security Blog.


Breaking down NOBELIUM’s latest early-stage toolset

Credit to Author: Eric Avena | Date: Fri, 28 May 2021 21:36:17 +0000

In this blog, we highlight four tools that make up a unique infection chain used by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed in the wild as early as February 2021, attempting to gain a foothold on a variety of sensitive diplomatic and government entities.

The post Breaking down NOBELIUM’s latest early-stage toolset appeared first on Microsoft Security.


SolarWinds attackers launch new campaign

Credit to Author: Pieter Arntz | Date: Fri, 28 May 2021 14:24:01 +0000

The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks.

Categories: Threat analysis


The post SolarWinds attackers launch new campaign appeared first on Malwarebytes Labs.


New sophisticated email-based attack from NOBELIUM

Credit to Author: Emma Jones | Date: Fri, 28 May 2021 00:00:50 +0000

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves that demonstrated significant experimentation.

The post New sophisticated email-based attack from NOBELIUM appeared first on Microsoft Security.


GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Credit to Author: Eric Avena | Date: Thu, 04 Mar 2021 17:00:02 +0000

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.

The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security.
