ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tag: malware analysis

2020-07-09

Threat Bulletin: Dissecting GuLoader’s Evasion Techniques

Editor’s Note: This blog post was updated on August 10, 2020. Over the last couple of months, we observed a new downloader called GuLoader (also known as CloudEyE) that has been actively distributed in 2020. In contrast to prototypical downloaders, GuLoader is known to use popular cloud services such as
Read More
2020-07-01

Threat Bulletin: Cutting-off the Command-and-Control Infrastructure of CollectorGoomba

A Primer on Spyware-as-a-Service The rise in spyware-as-a-service allows cyber-criminals to choose a specialty, whether improving spyware, infecting users, or maximizing the profit derived from stolen information. The business model for spyware-as-a-service starts with an individual or team to developing the initial spyware and standing up any necessary infrastructure that
Read More
2020-06-17

Malware Analysis Spotlight: Phishing Site Spread through SMS

In this Malware Analysis Spotlight, the VMRay Labs looks at the behavior of a phishing site distributed through an SMS message. Based on the content of the SMS message, this does not seem to be part of a targeted attack but rather part of a massive phishing campaign that aims
Read More
2020-06-08

Threat Bulletin: RagnarLocker Ransomware

In April 2020, the systems of Portuguese multinational energy giant Energias de Portugal (EDP) were encrypted by RagnarLocker Ransomware. The operators of RagnarLocker demanded a ransom of 1580 Bitcoin ($10.9M). Based on the ransom notes left on EDP’s systems (Figure 1) which directly mentioned the company, it’s clear that it
Read More
2020-06-03

VMRay & Anomali: Deliver Seamlessly Integrated Threat Analysis & Intelligence

In April 2020, the systems of Portuguese multinational energy giant Energias de Portugal (EDP) were encrypted by RagnarLocker Ransomware. The operators of RagnarLocker demanded a ransom of 1580 Bitcoin ($10.9M). Based on the ransom notes left on EDP’s systems (Figure 1) which directly mentioned the company, it’s clear that it
Read More
2020-05-13

Malware Analysis Spotlight: Rhino Ransomware

In this Malware Analysis Spotlight, the VMRay Labs Team examines the behavior of Rhino Ransomware (first identified in April 2020). This sample was found by Twitter user @GrujaRS on May 4th. View the VMRay Analyzer Report The first step before the ransomware encrypts user files, it disables various services: wscsvc
Read More
2020-04-01

Good Apps Behaving Badly: Dissecting Zoom’s macOS Installer Workaround

This post was updated on April 3, 2020 to reflect Zoom’s response. It seems like overnight half the world switched to working from home and depending on Zoom for daily human interaction. Our own team is no exception, so it came as a surprise that the widely-used application installs itself
Read More
2020-03-25

SANS Webcast Recap: Practical Malware Family Identification for Incident Responders

Taxonomy is the science of naming, defining and classifying groups of biological organisms based on shared characteristics. Fundamentally it’s an organization scheme that has allowed scientists to study organisms without confusion or overlap since the Swedish naturalist Carl Linnaeus introduced his framework for a uniform naming system more than 300
Read More
2020-02-21

Accelerating Incident Response with VMRay & MITRE ATT&CK

In this short video, we will demonstrate how security teams can leverage the mapping of VMRay’s analysis results to the MITRE ATT&CK framework for more effective incident response. ATT&CK is the industry-standard framework and knowledge base of adversary tactics and techniques, threat groups, and related software and tools. The entire
Read More
2020-01-22

Analyzing ZeroCleare’s Behavior Using a Malware Sandbox

View the VMRay Analyzer Report for ZeroCleare “ZeroCleare” is a new strain of malware discovered by IBM X-Force Incident Response and Intelligence Services (IRIS) this past December. In the 28-page report, the IRIS Team revealed that ZeroCleare was used to execute an attack on Middle East organizations in the energy
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2024 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay