Credit to Author: Peter Girnus| Date: Thu, 15 Jun 2023 00:00:00 +0000
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.
Read moreCredit to Author: Sunny Lu| Date: Wed, 14 Jun 2023 00:00:00 +0000
This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor.
Read moreCredit to Author: Ted Lee| Date: Tue, 02 May 2023 00:00:00 +0000
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
Read moreCredit to Author: Vickie Su| Date: Thu, 23 Mar 2023 00:00:00 +0000
After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the other tools and malware used by the threat actor.
Read moreCredit to Author: Daniel Lunghi| Date: Wed, 01 Mar 2023 00:00:00 +0000
We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.
Read moreCredit to Author: Joseph C Chen| Date: Fri, 17 Feb 2023 00:00:00 +0000
We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.
Read moreCredit to Author: Hara Hiroaki| Date: Thu, 16 Feb 2023 00:00:00 +0000
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.
Read moreCredit to Author: Mohamed Fahmy| Date: Thu, 02 Feb 2023 00:00:00 +0000
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.
Read more