The latest Avast Q3’21 Threat Report reveals an elevated risk of ransomware and RAT attacks, and the return of rootkits and exploit kits. Let us share more details about emerging threats...
DirtyMoe is delivered by the PurpleFox exploit kit as an MSI installer package. The MSI installer is a popular way to deploy malware because it supports multiple configurations for different Windows versions, all within one package.
Based on Jiří Vinopal's published analysis of weaknesses found in the AtomSilo and LockFile ransomware strains, we created a free Avast decryptor for each of them. Read and download.
MyKings is a long-standing and relentless botnet which has been active since at least 2016. Our research has shown that, since 2019, the operators behind MyKings have amassed at least $24 million USD (and likely more) in Bitcoin, Ethereum, and Dogecoin.
BluStealer (a310logger) is a crypto stealer, keylogger, and document uploader written in Visual Basic that loads C#.NET hack tools to steal credentials.
The Windows kernel allows loading drivers signed with revoked certificates. The DirtyMoe driver is also signed with revoked certificates that are, moreover, widely abused in other malware. Motivated by these facts, this article analyzes how Windows manages certificate revocation...
The DirtyMoe malware is a complex malicious backdoor employing various self-protection and anti-forensics mechanisms. One of the more significant safeguards is a rootkit. The next article of the DirtyMoe series explains rootkit functionality in detail.
The Magnitude exploit kit, originally known as PopAds, has been around since at least 2012, which is an unusually long lifetime for an exploit kit. However, it’s not the same exploit kit today that it was nine years ago. Pretty much every part of Magnitude has changed multiple times since then. The...
A new blog series on how threat actors abuse Cobalt Strike. This first part explains how to analyze, decode and parse Cobalt Strike payloads.
Follow us on our journey analyzing the Mongolian certificate authority breach and the certificate client backdoored with Cobalt Strike.