Hajime, the mysterious evolving botnet

by Jornt van der Wiel
25 Apr 2017 at 8:58am
Hajime (meaning "beginning" in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. In this blogpost we outline some of the recent "improvements" to Hajime, some techniques that haven't been made public, and some statistics about infected Io...

XPan, I am your father

by Anton Ivanov
24 Apr 2017 at 8:55am
While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users primarily located in Brazil. This sample is what could be considered as the "father" of other XPan ransomware variants. A considerable amount of indicators within the sourc...

Exploits: how great is the threat?

by Kaspersky Lab
20 Apr 2017 at 8:57am
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it's time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we've looked ...

Personalized Spam and Phishing

by Maria Vergelis
19 Apr 2017 at 9:58am
Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him. Thus, in the malicious mailing that we discovered last month, spammers used the ac...

The security is still secure

by Nikita Shvetsov
13 Apr 2017 at 1:49pm
Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users' computers and circumvent installed security solutions. The list of compromised security products includes dozens of vendors and rela...

Old Malware Tricks To Bypass Detection in the Age of Big Data

by Suguru Ishimaru
13 Apr 2017 at 9:44am
Kaspersky Lab has been tracking a targeted attack actor's activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the file.

Unraveling the Lamberts Toolkit

by GReAT
11 Apr 2017 at 9:59am
The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008. The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

Ransomware in targeted attacks

by Anton Ivanov
4 Apr 2017 at 4:08pm
Ransomware's popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an...

ATMitch: remote administration of ATMs

by Sergey Golovanov
4 Apr 2017 at 8:59am
In February 2017, we published research on fileless attacks against enterprise networks. This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations, basically enabling remote administration of ATMs.

Lazarus Under The Hood

by GReAT
3 Apr 2017 at 5:57pm
Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.
