The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
Read More
Cryptocurrencies’ values are increasing again, which may explain why the number of stealthy techniques to deliver them have also increased this year. We found another campaign using process hollowing and a dropper component to evade detection and analysis, and can potentially be used for other malware payloads.
Read More
In one of its recent campaigns, we’ve discovered a piece of Waterbear payload with a brand-new purpose: hiding its network behaviors from a specific security product by API hooking techniques. In our analysis, we have discovered that the security vendor is APAC-based, which is consistent with BlackTech’s targeted countries.
Read More
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fixed vulnerabilities were disclosed to the public before patching, although one was under active attack at the time of the patch.
Read More In November 2019, we published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristics: notably that these samples were making use of obfuscation tools that made them virtually undetectable.
Read More