Credit to Author: Mohamed Fahmy| Date: Fri, 29 Sep 2023 00:00:00 +0000
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Read moreCredit to Author: Jaromir Horejsi| Date: Tue, 05 Sep 2023 00:00:00 +0000
We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.
Read moreCredit to Author: Paul Pajares| Date: Fri, 01 Sep 2023 00:00:00 +0000
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.
Read moreCredit to Author: Peter Girnus| Date: Tue, 20 Jun 2023 00:00:00 +0000
This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators.
Read moreCredit to Author: Peter Girnus| Date: Thu, 15 Jun 2023 00:00:00 +0000
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.
Read moreCredit to Author: Peter Girnus| Date: Fri, 09 Jun 2023 00:00:00 +0000
We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.
Read moreCredit to Author: Jaromir Horejsi| Date: Mon, 15 May 2023 00:00:00 +0000
Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.
Read moreCredit to Author: Ryan Soliven| Date: Thu, 02 Mar 2023 00:00:00 +0000
Find out how the Managed XDR team uncovered RedLine Stealer’s evasive spear-phishing campaign that targets the hospitality industry.
Read moreCredit to Author: Peter Girnus| Date: Tue, 17 Jan 2023 00:00:00 +0000
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.
Read moreCredit to Author: Mayumi Nishimura| Date: Wed, 16 Nov 2022 00:00:00 +0000
Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.
Read more