Securelist

Trickbot module descriptions

1 day 3 hours ago
In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.
Oleg Kupreev

Lyceum group reborn

2 days 2 hours ago
According to earlier public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we were able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.
Mark Lechtik, Aseel Kayal, Paul Rascagneres

MysterySnail attacks with Windows zero-day

1 week ago
We detected attacks using an elevation-of-privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used alongside the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.
Boris Larin, Costin Raiu

SAS 2021: Learning to ChaCha with APT41

1 week ago
John Southworth gives insights into APT41 and the malware used by the threat actor, the Motnug loader and its descendant, the ChaCha loader, and shares some thoughts on the actor’s attribution and the payload, including the infamous CobaltStrike.
Securelist

SAS 2021: Fireside chat with Chris Bing

1 week 1 day ago
How do you build a fascinating story out of a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each other in their work.
Securelist

SAS 2021: Operation Software Concepts

1 week 1 day ago
Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting the government and defense sectors.
Securelist

Ransomware in the CIS

1 week 6 days ago
Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.
Fedor Sinitsyn, Yanis Zinchenko