Trickbot module descriptions

1 day 3 hours ago
In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.
Oleg Kupreev

Lyceum group reborn

2 days 2 hours ago
According to earlier public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.
Mark Lechtik, Aseel Kayal, Paul Rascagneres

MysterySnail attacks with Windows zero-day

1 week ago
We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.
Boris Larin, Costin Raiu

SAS 2021: Learning to ChaCha with APT41

1 week ago
John Southworth gives insights into APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader – and also shares some thoughts on the actor’s attribution and the payload, including the infamous CobaltStrike.

SAS 2021: Fireside chat with Chris Bing

1 week 1 day ago
How to build up a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each other in their work.

SAS 2021: Operation Software Concepts

1 week 1 day ago
Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting the government and defense sectors.

Ransomware in the CIS

1 week 6 days ago
Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.
Fedor Sinitsyn, Yanis Zinchenko