THREAT INTEL

PBot: a Python-based adware

PBot: a Python-based adware

April 18, 2018

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker,…

Magnitude exploit kit switches to GandCrab ransomware

April 17, 2018

The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we…

Encryption 101: decryption tool code walkthrough

Encryption 101: decryption tool code walkthrough

April 12, 2018

We have reached the final installment of our Encryption 101 series. In the prior post, we walked through, in detail, the…

'FakeUpdates' campaign leverages multiple website platforms

‘FakeUpdates’ campaign leverages multiple website platforms

April 10, 2018

A malware campaign which seems to have started at least since December 2017 has been gaining steam by enrolling a growing…

Keyboard locked in a chain.

LockCrypt ransomware: weakness in code can lead to recovery

April 4, 2018

At the start of the year, it seemed that 2018 was going to be all about cryptominers. They so overwhelmingly dominated…

Another Day, Another PUP

Exploit kits: Winter 2018 review

March 29, 2018

In the past, we used to do a blog series on exploit kits where we would periodically check in on the…

An in-depth malware analysis of QuantLoader

An in-depth malware analysis of QuantLoader

March 28, 2018

This guest post is written by Vishal Thakur, CSIRT/Salesforce. For more on Vishal, read his bio at the end of the…

Encryption 101: Decryptor's thought process

Encryption 101: Decryptor’s thought process

March 27, 2018

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live…

Malicious cryptomining and the blacklist conundrum

Malicious cryptomining and the blacklist conundrum

March 26, 2018

When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking…