Family Overview Beginning November 2022 here at VMRay we noticed increased activity of the Amadey information stealer malware. Monitoring of the threat landscape over the past several months showed this trend in the malware activity continued and the family is active as we speak. Our observations, together with public reports
Download The Report Introduction Having meticulously dissected the intricate delivery methods employed by BumbleBee in our previous blog post, we embarked on a journey through the multifaceted and complex delivery chains that enable its stealthy penetration. From the covert utilization of seemingly innocuous files to ingenious tactics that evade detection,
Introduction The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cybersecurity landscape. Recently, the VMRay
BumbeBee loader: an overview In March of 2022 a new loader equipped with more than 50 evasion techniques was spotted in the wild: BumbleBee employs a variety of methods to escape detection – from complex delivery chains and hooking-based loading to iterating through a collection of evasion techniques to detect
In the ever-evolving landscape of cybersecurity, tools like VirusTotal can provide invaluable insights. However, as a recent headline-grabbing incident demonstrated, it’s crucial to understand how to use these resources responsibly to avoid accidental data leaks. In today’s evolving cybersecurity landscape, two phrases are gaining traction and for good reason –
Introduction Writing this introduction for the VMRay 2023.3.0 release has been a thrill, considering bringing a significant game-changer to our products. The summer heat in our Bochum headquarters is at its best. To relieve the scorch, we are shipping a long-awaited coolness – Static and Dynamic Analysis of Linux executables.
Overview With our latest release, VMRay Platform version 2023.2, we introduced support for Microsoft OneNote documents, recently abused by multiple threat actors. As announced in a recent blog post, the VMRay Platform continuously extends its capabilities to ensure our product is still able to deal with the the latest trends
Introduction BumbleBee is a fairly new malware loader that targets Windows computers. The initial discovery occurred in March 2022, marking a full year since its emergence. In this blog post, we’ll summarize BumbleBee’s activities, features, and important points based on the research published over the past year. Getting a handle
Overview A new malware family called Stealc was released recently, which is a Spyware designed to copy files, credentials and other sensitive information from the victim’s hard drive and make them available to the attacker. It also employs a variety of techniques to evade detection, including one technique based on
Introduction With this article, we are ready to share a new series of posts that will reveal the latest signature and detection changes. Constant research in threat landscape is vital to VMRay products – DeepResponse, FinalVerdict and TotalInsight – as it allows us to react to the latest malware developments
Introduction With this article, we are ready to share a new series of posts that will reveal the latest signature and detection changes. Constant research in threat landscape is vital to VMRay products – DeepResponse, FinalVerdict and TotalInsight – as it allows us to react to the latest malware developments
Introduction Historically, leveraging shared threat intelligence for malware detection has presented significant challenges to security teams. These challenges stem from the ever-evolving nature of malware threats, as well as the need for timely and accurate intelligence sharing among relevant parties. Traditional hash-based indicators, which rely on precise matches, frequently fall
Introduction Finally, spring has come to our headquarters, bringing a fresh and new start. The freshness came around to VMRay’s products, too, as we are proud to introduce our new product portfolio that aims to boost the productivity of security operations. You will find more information on our products further
Introduction As threat actors continue to evolve their tactics for distributing malware, we’ve been hard at work to stay on top of the latest trends to ensure VMRay platform can effectively analyze new file formats. One such attack trend that has gained popularity among threat actors is OneNote attachments. Microsoft
Introduction Just before closing off the year 2022, a new ransomware called CatB appeared on VirusTotal. Compared to other ransomware, this new malware family gets shipped with unique characteristics that make this recent market joiner interesting: Before the ransomware is executed, its loader component performs basic evasion checks to ensure
Introduction We know malware doesn’t take a day off, but we hope you will enjoy the winter holiday season. Welcome back, and let’s start the new year with another awesome release of VMRay Analyzer. The first news is improving our release versioning convention. The release name now reflects a chronological
Introduction The ML series blogs we posted, recently, focused on the details of creating ML models addressing VMRay’s defined use case, which is enhancing its phishing URL detection. In this series, we tackled how we engineered features (i.e. feature engineering) to be used in model training, using the clean output
Introduction In April of 2022 we’ve observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of
Introduction The major focus of the VMRay Platform v4.7 release is its enhanced support for security automation. We’ve also made some improvements to the platform’s core capabilities. Here are some of the highlights: New dashboard to ease customers’ journey towards full security automation with VMRay. Enhancements to the IR Mailbox
Introduction Malware threat landscape is constantly shifting towards advanced and targeted cyber attacks. It’s hard to find the balance between the increasing need for higher level of detection with to overwhelming your teams with higher volume and frequency of alerts, which lead to alert fatigue. It’s not just about detecting
Introduction In this Spotlight, we take another look at GuLoader. The malware family is active since at least 2020. It gained some attention because of its evasion techniques and abusing legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families
For the last 10 years I worked in the EU and Asia-Pacific regions, but in 2021, I became the Chief Information Security Officer (CISO) for a regional US Bank. This new experience has been both challenging and exciting. Below are five key lessons learned from my first year as a
The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights: Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs). Support for macOS Big
Why (and which) data is essential to create a reliable Machine Learning model? Machine Learning Blog Post Series – 4: By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Why we need Machine Learning in Cybersecurity, and
Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration
Why do we need Machine Learning in cybersecurity and how can it help? Machine Learning Blog Post Series – 3 By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Data – The fuel that powers Machine Learning
Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!
