A deep dive into Saint Bot, a new downloader

Credit to Author: Threat Intelligence Team | Date: Tue, 06 Apr 2021 21:37:12 +0000

Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel.

Categories: Criminals, Threat analysis

The post A deep dive into Saint Bot, a new downloader appeared first on Malwarebytes Labs.

Aurora campaign: Attacking Azerbaijan using multiple RATs

Credit to Author: Threat Intelligence Team | Date: Tue, 06 Apr 2021 19:24:27 +0000

We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.

Categories: Malware, Threat analysis

The post Aurora campaign: Attacking Azerbaijan using multiple RATs appeared first on Malwarebytes Labs.

New steganography attack targets Azerbaijan

Credit to Author: Threat Intelligence Team | Date: Fri, 05 Mar 2021 22:37:13 +0000

A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.

Categories: Threat analysis

The post New steganography attack targets Azerbaijan appeared first on Malwarebytes Labs.

Cleaning up after Emotet: the law enforcement file

Credit to Author: Threat Intelligence Team | Date: Fri, 29 Jan 2021 19:31:58 +0000

Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Categories: Malware, Threat analysis

The post Cleaning up after Emotet: the law enforcement file appeared first on Malwarebytes Labs.

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

Credit to Author: Threat Intelligence Team | Date: Wed, 06 Jan 2021 15:14:45 +0000

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.

Categories: Social engineering, Threat analysis

The post Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat appeared first on Malwarebytes Labs.

SolarWinds advanced cyberattack: What happened and what to do now

Credit to Author: Threat Intelligence Team | Date: Mon, 14 Dec 2020 19:45:21 +0000

Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.

Categories: Threat analysis

The post SolarWinds advanced cyberattack: What happened and what to do now appeared first on Malwarebytes Labs.

German users targeted with Gootkit banker or REvil ransomware

Credit to Author: Threat Intelligence Team | Date: Mon, 30 Nov 2020 16:00:55 +0000

After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Categories: Malware, Threat analysis

The post German users targeted with Gootkit banker or REvil ransomware appeared first on Malwarebytes Labs.

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Credit to Author: Threat Intelligence Team | Date: Mon, 16 Nov 2020 18:00:06 +0000

Threat actors behind malsmoke, one of the largest malvertising campaigns we’ve seen in recent months, have switched malware delivery tactics.

Categories: Exploits, Social engineering, Threat analysis

The post Malsmoke operators abandon exploit kits in favor of social engineering scheme appeared first on Malwarebytes Labs.
