Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users…
Tag: hasherezade
The Hidden Bee infection chain, part 1: the stegano pack
About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex…
EternalPetya – yet another stolen piece in the package?
Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one,…
LatentBot piece by piece
LatentBot is a multi-modular Trojan written in Delphi and known to have been around since 2013. Recently, we captured and dissected…
Elusive Moker Trojan is back
UPDATE: This trojan is also known under the names Yebot and Tilon. According to Dr Web, this family is in circulation…
Diamond Fox – part 2: let’s dive in the code
In a previous post we made an initial analysis of a Diamond Fox bot delivered by the Nebula Exploit Kit (more about…
Explained: Sage ransomware
Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files…
Diamond Fox – part 1: introduction and unpacking
Diamond Fox (also known as Gorynch) is a stealer written in Visual Basic that has been present on the black market…
Explained: Spora ransomware
Nowadays, ransomware has become the most popular type of malware. Most of the new families are prepared by amateurs (script-kiddies) and…
Zbot with legitimate applications on board
Source code of the infamous ZeuS malware leaked in 2011. Since that time, many cybercriminals have adopted it and augmented with…