Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Credit to Author: Paul Oliveria | Date: Wed, 01 Jun 2022 18:00:00 +0000

Dealing with a great amount of data can be time-consuming, so using Python can be very powerful in helping analysts sort information and extract the most relevant data for their investigation. The open-source tool library MSTICpy, for example, is a Python tool dedicated to threat intelligence. It aims to help threat analysts acquire, enrich, analyze, and visualize data.

The post Using Python to unearth a goldmine of threat intelligence from leaked chat logs appeared first on Microsoft Security Blog.

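The kind of sorting and extraction the excerpt describes, as an added example that is not code from the Microsoft post or from MSTICpy (which ships its own IoC extraction): a standard-library-only pass over a chat export that undoes common defanging (hxxp, [.]), pulls hashes, URLs, e-mail addresses, IPs and domains out of each message, drops internal-range IPs as pivot noise, and reports which handles mentioned each indicator. The tab-separated export format, the handles and every indicator below are constructed; 203.0.113.0/24 is the RFC 5737 documentation range standing in for a C2.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of a leaked operator-chat export:
# "<timestamp>\t<handle>\t<message>". Every handle, address and hash is invented.
SAMPLE_CHAT = (
    "2022-02-19 10:04:11\tbuza\tnew panel is up at hxxp://203.0.113[.]45/admin, creds in the usual place\n"
    "2022-02-19 10:05:32\tstern\tuse the loader md5 0b2f2a1e9c3d4e5f6a7b8c9d0e1f2a3b not the old one\n"
    "2022-02-19 10:07:50\tbuza\tjoin on 10.0.0.12 first, then pivot, ssh key is on build[.]example-corp[.]com\n"
    "2022-02-19 10:09:02\tstern\tsame panel 203.0.113.45 also answers on 8443, mail me at ops@proton-mail[.]test\n"
    "2022-02-19 10:11:44\tmango\tsha256 of the new build 4f1c3a9e7b2d5c8f0a6e1b3d9c7f2e5a8b4d6c0e1f3a5b7c9d2e4f6a8b0c1d3e\n"
)


def parse_chat(text):
    """Yield (timestamp, handle, message) from a tab-separated export, skipping malformed rows."""
    for raw in text.splitlines():
        parts = raw.split("\t", 2)
        if len(parts) == 3:
            yield tuple(parts)


# Operators routinely "defang" indicators (hxxp, [.], [at]); undo that before matching.
_REFANG = (
    (re.compile(r"hxxps?://", re.I), lambda m: m.group(0).lower().replace("hxxp", "http")),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"\[at\]|\(at\)", re.I), "@"),
)


def refang(text):
    for pattern, repl in _REFANG:
        text = pattern.sub(repl, text)
    return text


# Matched in this order; each hit is blanked out so a SHA-256 is not re-read as an
# MD5 and the domain part of an e-mail address is not also counted as a bare domain.
IOC_PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

# RFC 1918, loopback, link-local and "this" network: pivot/lab noise in a chat log,
# not infrastructure worth enriching.
_INTERNAL = tuple(ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8"))


def is_routable(ip):
    """True for a syntactically valid IPv4 address outside the internal ranges above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # the regex accepts 999.1.1.1; the real parser does not
        return False
    return not any(addr in net for net in _INTERNAL)


def extract_iocs(message):
    """Return {kind: set(indicators)} for one message, refanged and de-duplicated."""
    text = refang(message)
    found = defaultdict(set)
    for kind, pattern in IOC_PATTERNS.items():
        def take(m, kind=kind):
            found[kind].add(m.group(0).rstrip(".,;:)"))  # trailing punctuation is chat, not IOC
            return " " * len(m.group(0))                # blank the span so later patterns skip it
        text = pattern.sub(take, text)
    # A URL's host is an indicator in its own right; file it as an IP or a domain.
    for url in list(found["url"]):
        host = urlsplit(url).hostname
        if host:
            found["ipv4" if IOC_PATTERNS["ipv4"].fullmatch(host) else "domain"].add(host)
    found["ipv4"] = {ip for ip in found["ipv4"] if is_routable(ip)}
    return {kind: vals for kind, vals in found.items() if vals}


def summarize(text):
    """Aggregate over the whole log: mention counts per kind, and which handles
    mentioned each indicator (a first cut at who runs what)."""
    counts, speakers = defaultdict(Counter), defaultdict(set)
    for _timestamp, handle, message in parse_chat(text):
        for kind, values in extract_iocs(message).items():
            for value in values:
                counts[kind][value] += 1
                speakers[value].add(handle)
    return counts, speakers


if __name__ == "__main__":
    counts, speakers = summarize(SAMPLE_CHAT)
    for kind in IOC_PATTERNS:
        for value, n in counts[kind].most_common():
            print(f"{kind:7} {value:64} x{n} by {', '.join(sorted(speakers[value]))}")
```

Running the block prints one row per indicator, most-mentioned first; on the sample the C2 address surfaces twice (once as the host of the panel URL, once bare) with both handles attached, while the 10.0.0.12 pivot box is filtered out. The blank-after-match trick is what keeps the counts honest; without it the e-mail domain and the URL host would each be counted twice under different kinds.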

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

Credit to Author: Threat Intelligence Team | Date: Mon, 16 May 2022 10:00:00 +0000

Malwarebytes Threat Intelligence has uncovered an attack using the lure of information about the war in Ukraine to target people in Germany.

The post Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis appeared first on Malwarebytes Labs.


APT34 targets Jordan Government using new Saitama backdoor

Credit to Author: Threat Intelligence Team | Date: Tue, 10 May 2022 20:49:30 +0000

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is…

The post APT34 targets Jordan Government using new Saitama backdoor appeared first on Malwarebytes Labs.


Discover the anatomy of an external cyberattack surface with new RiskIQ report

Credit to Author: Christine Barrett | Date: Thu, 21 Apr 2022 16:00:00 +0000

Learn how supply chains, shadow IT, and other factors are growing the external attack surface—and where you need to defend your enterprise.

The post Discover the anatomy of an external cyberattack surface with new RiskIQ report appeared first on Microsoft Security Blog.


Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

Credit to Author: Threat Intelligence Team | Date: Tue, 05 Apr 2022 18:36:35 +0000

We discovered an interesting trick used by Colibri Loader to survive reboots that takes advantage of a legitimate command in PowerShell.

The post Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique appeared first on Malwarebytes Labs.
