Introduction Finally, spring has come to our headquarters, bringing a fresh and new start. The freshness came around to VMRay’s products, too, as we are proud to introduce our new product portfolio that aims to boost the productivity of security operations. You will find more information on our products further
Introduction As threat actors continue to evolve their tactics for distributing malware, we’ve been hard at work to stay on top of the latest trends to ensure the VMRay platform can effectively analyze new file formats. One such attack trend that has gained popularity among threat actors is OneNote attachments. Microsoft
Introduction Just before closing off the year 2022, a new ransomware called CatB appeared on VirusTotal. Compared to other ransomware, this new malware family gets shipped with unique characteristics that make this recent market joiner interesting: Before the ransomware is executed, its loader component performs basic evasion checks to ensure
Introduction We know malware doesn’t take a day off, but we hope you will enjoy the winter holiday season. Welcome back, and let’s start the new year with another awesome release of VMRay Analyzer. The first news is improving our release versioning convention. The release name now reflects a chronological
Introduction The ML series blogs we posted recently focused on the details of creating ML models addressing VMRay’s defined use case, which is enhancing its phishing URL detection. In this series, we tackled how we engineered features (i.e. feature engineering) to be used in model training, using the clean output
Introduction In April 2022 we observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of
Introduction The major focus of the VMRay Platform v4.7 release is its enhanced support for security automation. We’ve also made some improvements to the platform’s core capabilities. Here are some of the highlights: New dashboard to ease customers’ journey towards full security automation with VMRay. Enhancements to the IR Mailbox
Introduction The malware threat landscape is constantly shifting towards advanced and targeted cyber attacks. It’s hard to find the balance between the increasing need for a higher level of detection and overwhelming your teams with a higher volume and frequency of alerts, which leads to alert fatigue. It’s not just about detecting
Introduction In this Spotlight, we take another look at GuLoader. The malware family has been active since at least 2020. It gained some attention because of its evasion techniques and its abuse of legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families
For the last 10 years I worked in the EU and Asia-Pacific regions, but in 2021, I became the Chief Information Security Officer (CISO) for a regional US Bank. This new experience has been both challenging and exciting. Below are five key lessons learned from my first year as a
The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights: Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs). Support for macOS Big
Why (and which) data is essential to create a reliable Machine Learning model? Machine Learning Blog Post Series – 4: By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Why we need Machine Learning in Cybersecurity, and
Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration
Why do we need Machine Learning in cybersecurity and how can it help? Machine Learning Blog Post Series – 3 By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Data – The fuel that powers Machine Learning
Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also
Writing this introduction for the Platform 4.5.0 release has been a thrill, considering its incredible content. Yet, it wasn’t an easy task. How can you find a common theme for a release that includes two new, yet different, major capabilities? One, a breakthrough in phishing detection using Machine Learning. Two,
The Main Concepts of AI and Machine Learning: An Overview By Martin Rupp Blog Series 1: Machine Learning and Cyber Security: An Introduction The WEF forecasts the global value of AI in cyber security to grow up to 46 billion
Blog Series The Main Concepts of AI and Machine Learning Why do we need Machine Learning in Cybersecurity, and how can it help? Data: The fuel that powers Machine Learning AI is everywhere. Its usage is most often connected with virtual assistants such as Cortana or Siri for example or
Updated on: 2024-12-02 Smoke Loader is a malware downloader that is capable of downloading and deploying other payloads or additional plugins. Its plugins offer functionality related to credential and cookie stealing, DDoS, or remote access. Smoke Loader has been used to download various threats and secondary payloads like the
Using Malware Sandboxes for Initial Triage and Incident Response By Koen Van Impe Learn from this practical case study how VMRay Analyzer helped with getting an accurate and noise-free analysis for initial triage and obtaining the relevant indicators of compromise for faster incident response. Computer security is a fast-moving
Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing
Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organization and how to use its API to automate the submission and processing of malware analyses. According to a report from Honeywell the use of USB removable
XLoader’s Cross-platform Support Utilizing XBinder From the VMRay Labs Team Introduction Lately, a rebranded version of the stealer FormBook named XLoader has emerged. In contrast to FormBook, which targets Windows only, XLoader supports macOS as well. During our research, we observed Office documents, which exploit vulnerabilities in MS Office products,
Phishing Kit Kuzuluy Impersonating Paypal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the
Investigating Cyber Incidents Using the Security Stack By Kenneth Vignali, Incident Response Expert As a seasoned digital forensic and incident responder, I have come to appreciate the value of certain logs from parts of an organization’s security stack. Before investigating any cyber incident, it is extremely critical to ensure that
About a decade ago, in the good old “just SIEM it” days, the SOC was typically measured on quantity – the number of alerts validated, number of investigations escalated, number of infections mitigated, and so on. The challenges were how to make the SIEM work better – aggregation of events,
Executive Summary The ongoing shift to cloud-based offerings – SaaS, IaaS and PaaS – provides major advantages to customers. These include fast deployments, a modern & effective environment and enhanced security capabilities that traditional IT organizations cannot deliver on their own, due to high investment costs, fast-changing technology and gaps