ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
Try VMRay
2020-10-06

[SANS Webcast Recap] Power! Unlimited Power! Understanding the Techniques of Malicious Kernel-Mode Code

Kernel-mode malware is among the most difficult to detect and remove. In this post—condensed from a SANS webcast featuring SANS analyst Jake Williams and VMRay Sr. Threat Researcher Tamas Boczan present an introduction into kernel-mode rootkits, explaining why attackers use them, how they bypass mitigations built into Windows and break
Read More
2020-10-01

Malware Analysis Spotlight: Formbook (September 2020)

A Fresh Look at an Old Problem Formbook is a well-known malware family of data stealers and form grabbers. Sold as “malware-as-a-service” on hacking forums since early 2016, anyone so inclined can purchase a subscription and use the Formbook tool. It is usually distributed using malspam containing malicious attachments and
Read More
2020-09-15

Malware Analysis Spotlight: Qbot’s Delivery Method

The Re-Emergence of Qbot After more than a decade in operation, the Qbot Trojan is back in the news. A modified version of the malware which now extracts email threads from Outlook to use in phishing attacks was used in a prominent campaign that ran from March to the end
Read More
2020-09-14

VMRay Signs Partnership with Sababa Security to Expand into Italian Cybersecurity Market

Bochum, Germany – Sept 15, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a strategic partnership with Sababa Security, a cybersecurity vendor based in Milan, Italy. The new agreement will enable Sababa Security to integrate VMRay’s solutions into its security

Read More
2020-09-09

VMRay Signs Partnership with Deepcase to Expand Into the Growing Turkish Cybersecurity Market

Bochum, Germany – Sept 9, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a strategic reseller partnership with Deepcase, a provider of threat hunting, Digital Forensics and Incident Response (DFIR), and other threat intelligence services headquartered in Ankara, Turkey. The
Read More
2020-09-08

VMRay Platform v4.0.0: Link Detonation, Smart Caching, Enhanced IOC Extraction, and more

With the September release of VMRay Platform v4.0.0, we’re pleased to introduce significant improvements to all three of our products ‑ Analyzer, Detector, and Email Threat Defender (ETD), particularly in matters related to handling malicious links. These enhancements include: The launch of a powerful and unique new method of dynamic
Read More
2020-09-02

VMRay Signs Technology Partnership With Anomali Featuring Free Daily Malware Reports To Customers

Leading Malware Analysis Solution Available Via Anomali ThreatStream Opens the Door for Security Teams to Unlock Unprecedented Threat Intelligence and Visibility Boston, MA – September 2, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced a free-of-charge offering to all Anomali ThreatStream customers. The offering
Read More
2020-08-20

Threat Bulletin: WastedLocker Ransomware

Targeted ransomware is a common occurrence nowadays. Recently Garmin confirmed to have been the target of a ransomware attack on July 23, 2020, which led to the interruption of many of their online services. According to Bleeping Computer, the ransomware has been confirmed to be WastedLocker. The article goes on
Read More
2020-08-19

VMRay Signs Distribution Agreement with RAH Infotech to Expand Reach In The Growing APAC Market

Leading Malware Analysis & Detection Provider Signs Agreement with India’s Fastest Growing Value-Added Distributor Bochum, Germany – Aug 26 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a strategic distribution partnership with RAH Infotech, one of India’s fastest-growing value-added distributors
Read More
2020-08-17

SANS Webcast Recap: Defense Against Dark Arts – Dissecting Sandbox Evasion Techniques

If you are of a certain age, you might remember Mad Magazine’s satirical Spy v. Spy comic strip in which two agents – one dressed completely in white and the other in black – would try and outwit and annihilate each other on a weekly basis. Malware authors and the
Read More
2020-08-11

Malware Analysis Spotlight: MassLogger’s Noisy Stealing Attempts

In this Malware Analysis Spotlight, the VMRay Labs Team will examine MassLogger, a Spyware/Stealer that was first publicly observed in-the-wild at the end of April. During our analysis, we monitored a significant amount of behavioral matches for techniques that MassLogger uses to discover the host machine and to steal sensitive
Read More
2020-07-22

Malware Analysis Spotlight: The Return of Emotet

After a long time of being inactive, the infamous malware delivery framework Emotet is back – the three Emotet botnets started pushing malicious spam on Friday, July 17. In this Malware Analysis Spotlight, we will take a look at one of the Microsoft Word documents used in the campaign (Figure
Read More
2020-07-16

Decoding the Verizon DBIR Report: An Insider’s Look Beyond the Headlines

This blog post was originally posted on Dark Reading. To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you. For the past 13 years, Verizon’s “Data Breach Investigations Report” (DBIR) has been the industry’s definitive resource for
Read More
2020-07-09

Threat Bulletin: Dissecting GuLoader’s Evasion Techniques

Editor’s Note: This blog post was updated on August 10, 2020. Over the last couple of months, we observed a new downloader called GuLoader (also known as CloudEyE) that has been actively distributed in 2020. In contrast to prototypical downloaders, GuLoader is known to use popular cloud services such as
Read More
2020-07-01

Threat Bulletin: Cutting-off the Command-and-Control Infrastructure of CollectorGoomba

A Primer on Spyware-as-a-Service The rise in spyware-as-a-service allows cyber-criminals to choose a specialty, whether improving spyware, infecting users, or maximizing the profit derived from stolen information. The business model for spyware-as-a-service starts with an individual or team to developing the initial spyware and standing up any necessary infrastructure that
Read More
2020-06-25

Indicators of Compromise (IOCs) and Artifacts: What’s the Difference?

In the world of malware analysis, there is sometimes confusion between the terms “artifacts” and “indicators of compromise (IOCs).” This is understandable because many malware analysis engines don’t distinguish between the two. First, let’s define the terms. When a malware sandbox dynamically analyzes a threat, it collects pieces of forensic
Read More
2020-06-17

Malware Analysis Spotlight: Phishing Site Spread through SMS

In this Malware Analysis Spotlight, the VMRay Labs looks at the behavior of a phishing site distributed through an SMS message. Based on the content of the SMS message, this does not seem to be part of a targeted attack but rather part of a massive phishing campaign that aims
Read More
2020-06-15

SANS Webcast Recap: Dissecting Living off the Land Techniques

Living off the Land Binaries – aka LOLBins – represent one of the more creative and insidious malware threats today. Attackers use LOLBins to evade detection by manipulating legitimate systems and processes for malicious purposes. In this post—condensed from a SANS webcast featuring SANS Analyst Jake Williams and VMRay Sr.
Read More
2020-06-08

Threat Bulletin: RagnarLocker Ransomware

In April 2020, the systems of Portuguese multinational energy giant Energias de Portugal (EDP) were encrypted by RagnarLocker Ransomware. The operators of RagnarLocker demanded a ransom of 1580 Bitcoin ($10.9M). Based on the ransom notes left on EDP’s systems (Figure 1) which directly mentioned the company, it’s clear that it
Read More
2020-06-03

VMRay & Anomali: Deliver Seamlessly Integrated Threat Analysis & Intelligence

In April 2020, the systems of Portuguese multinational energy giant Energias de Portugal (EDP) were encrypted by RagnarLocker Ransomware. The operators of RagnarLocker demanded a ransom of 1580 Bitcoin ($10.9M). Based on the ransom notes left on EDP’s systems (Figure 1) which directly mentioned the company, it’s clear that it
Read More
2020-05-14

Move Fast and Don’t Break Things (Part 2): Automated Malware De-obfuscation by Accurate API Monitoring

In our previous blog post, we showed how hypervisor-based API monitoring can achieve accurate logging of API calls at high performance, resulting in a more detailed view of the malware’s internal behavior. In this blog post we show three practical examples of how this more detailed view can be used
Read More
2020-05-13

Investing in Cyber Security: Why It’s Important to Protect Your Company During a Pandemic

Below is a short video highlighting the importance of investing in cyber security during a time where more employees are working from home. By keeping company infrastructures from vulnerable attacks, cyber security has become a key component to help malicious attacks from happening.

Read More
2020-05-13

Malware Analysis Spotlight: Rhino Ransomware

In this Malware Analysis Spotlight, the VMRay Labs Team examines the behavior of Rhino Ransomware (first identified in April 2020). This sample was found by Twitter user @GrujaRS on May 4th. View the VMRay Analyzer Report The first step before the ransomware encrypts user files, it disables various services: wscsvc
Read More
2020-05-07

Partner Q&A: Protecting Critical Healthcare Infrastructure from Disruption

Healthcare facilities around the world are under overwhelming pressure right now as the COVID-19 pandemic is straining every facet of their organizations. Adding to this challenge is the fact that criminal organizations are showing no signs of letting up. INTERPOL warned that cybercriminals are increasingly attempting to ‘lockout hospitals out
Read More
2020-05-06

VMRay Forges Distribution Agreement With ectacom GmbH

Leading Malware Detection Provider Signs First European Distributor Agreement to Expand Global Footprint and Support Double-Digit Sales Growth Bochum, Germany – May 6, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed a strategic distribution partnership with ectacom GmbH, a leading
Read More
2020-05-04

Where Your Data is Stored and Why It Matters

It’s true all over the world – large enterprise organizations want flexibility and choice in where their data is stored. This is especially true in regulated industries such as health care, finance, and government that are bound by regulation and compliance to have control over where their data resides. For
Read More
2020-04-22

VMRay Platform Version 3.3 Highlights

With the April rollout of VMRay Platform Version 3.3, we’re introducing major enhancements to our advanced threat detection and analysis solutions: A new naming convention – VMRay Platform – articulates the unified nature of our solutions, core technology, and individual products: VMRay Analyzer, VMRay Detector, and VMRay Email Threat Defender.
Read More
2020-04-16

Move Fast and Don’t Break Things (Part 1): Accurate API Monitoring at High Performance

In designing systems, engineers often must navigate between two extremes. Resources are finite and compromises must be made between making something operate slowly and thoroughly or fast and recklessly. But what if a system could be both fast and accurate? Because of VMRay’s entirely hypervisor-based technology, it has the ability
Read More
2020-04-16

VMRay Expands Executive Leadership Team to Fuel Next Stage of Growth

Noted Industry Veterans from Kaspersky and Symantec Join Fast Growing Malware Analysis Provider to Support Market Expansion Bochum, Germany and Boston, MA – April 16, 2020 – VMRay, a provider of automated malware analysis and detection solutions, today announced the addition of two cybersecurity veterans to its executive ranks with
Read More
2020-04-07

Explained: The VMRay Threat Identifier (VTI) Scoring System

This post was updated on October 9, 2020 Please note: VMRay has recently simplified malware identification within our Platform with the Verdict system (read more about it here). This new Verdict system reduces the number of possible malware grading identifiers from eight to four (“Malicious”, “Suspicious”, “Clean”, and “Not Available”)
Read More
Vmray threatfeed

Latest Malware Analysis Reports

Access
Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2013-2025 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay
Days
Hours
Minutes
Seconds

Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!

Watch Now