Overview A new malware family called Stealc was released recently, which is a Spyware designed to copy files, credentials and other sensitive information from the victim’s hard drive and make them available to the attacker. It also employs a variety of techniques to evade detection, including one technique based on
Introduction With this article, we are ready to share a new series of posts that will reveal the latest signature and detection changes. Constant research in threat landscape is vital to VMRay products – DeepResponse, FinalVerdict and TotalInsight – as it allows us to react to the latest malware developments
Introduction With this article, we are ready to share a new series of posts that will reveal the latest signature and detection changes. Constant research in threat landscape is vital to VMRay products – DeepResponse, FinalVerdict and TotalInsight – as it allows us to react to the latest malware developments
Introduction Historically, leveraging shared threat intelligence for malware detection has presented significant challenges to security teams. These challenges stem from the ever-evolving nature of malware threats, as well as the need for timely and accurate intelligence sharing among relevant parties. Traditional hash-based indicators, which rely on precise matches, frequently fall
Introduction Finally, spring has come to our headquarters, bringing a fresh and new start. The freshness came around to VMRay’s products, too, as we are proud to introduce our new product portfolio that aims to boost the productivity of security operations. You will find more information on our products further
Introduction As threat actors continue to evolve their tactics for distributing malware, we’ve been hard at work to stay on top of the latest trends to ensure VMRay platform can effectively analyze new file formats. One such attack trend that has gained popularity among threat actors is OneNote attachments. Microsoft
Introduction Just before closing off the year 2022, a new ransomware called CatB appeared on VirusTotal. Compared to other ransomware, this new malware family gets shipped with unique characteristics that make this recent market joiner interesting: Before the ransomware is executed, its loader component performs basic evasion checks to ensure
Introduction We know malware doesn’t take a day off, but we hope you will enjoy the winter holiday season. Welcome back, and let’s start the new year with another awesome release of VMRay Analyzer. The first news is improving our release versioning convention. The release name now reflects a chronological
Introduction The ML series blogs we posted, recently, focused on the details of creating ML models addressing VMRay’s defined use case, which is enhancing its phishing URL detection. In this series, we tackled how we engineered features (i.e. feature engineering) to be used in model training, using the clean output
Introduction In April of 2022 we’ve observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of
Introduction The major focus of the VMRay Platform v4.7 release is its enhanced support for security automation. We’ve also made some improvements to the platform’s core capabilities. Here are some of the highlights: New dashboard to ease customers’ journey towards full security automation with VMRay. Enhancements to the IR Mailbox
Introduction Malware threat landscape is constantly shifting towards advanced and targeted cyber attacks. It’s hard to find the balance between the increasing need for higher level of detection with to overwhelming your teams with higher volume and frequency of alerts, which lead to alert fatigue. It’s not just about detecting
Introduction In this Spotlight, we take another look at GuLoader. The malware family is active since at least 2020. It gained some attention because of its evasion techniques and abusing legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families
For the last 10 years I worked in the EU and Asia-Pacific regions, but in 2021, I became the Chief Information Security Officer (CISO) for a regional US Bank. This new experience has been both challenging and exciting. Below are five key lessons learned from my first year as a
The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights: Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs). Support for macOS Big
Why (and which) data is essential to create a reliable Machine Learning model? Machine Learning Blog Post Series – 4: By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Why we need Machine Learning in Cybersecurity, and
Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration
Why do we need Machine Learning in cybersecurity and how can it help? Machine Learning Blog Post Series – 3 By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Data – The fuel that powers Machine Learning
Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also
Writing this introduction for the Platform 4.5.0 release has been a thrill, considering its incredible content. Yet, it wasn’t an easy task. How can you find a common theme for a release that includes two new, yet different, major capabilities? One, a breakthrough in phishing detection using Machine Learning. Two,
The Main Concepts of AI and Machine Learning: An Overview By Martin Rupp Blog Series 1: Machine Learning and Cyber Security: An Introduction Blog Series 1: Machine Learning and Cyber Security: An Introduction The WEF forecasts the global value of AI in cyber security to grow up to 46 billion
Blog Series The Main Concepts of AI and Machine Learning Why do we need Machine Learning in Cybersecurity, and how can it help? Data: The fuel that powers Machine Learning AI is everywhere. Its usage is most often connected with virtual assistants such as Cortana or Siri for example or
Malware Analysis Spotlight: Tried and Tested – Smoke Loader By the VMRay Labs Team Smoke Loader is a downloader which is capable of downloading and deploying other payloads, or downloading additional plugins. Its plugins offer functionality related to, for example, credentials and cookie stealing, DDoS, or remote access. It’s been
Sing Malware Sandboxes for Initial Triage and Incident Response By Koen Van Impe Learn from this practical case study how VMRay Analyzer helped with getting an accurate and noise-free analysis for initial triage and obtaining the relevant indicators of compromise for faster incident response. Computer security is a fast moving
Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing
Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organizations and how to use its API to automate the submission and processing of the analysis of malware. According to a report from Honeywell the use of USB removable
XLoader’ Cross-platform Support Utilizing XBinder From the VMRay Labs Team Introduction Lately, a rebranded version of the stealer FormBook named XLoader has emerged. In contrast to FormBook, which targets Windows only, XLoader supports macOS as well. During our research, we observed Office documents, which exploit vulnerabilities in MS Office products,
Phishing Kit Kuzuluy Impersonating Paypal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the
Investigating Cyber Incidents Using the Security Stack By Kenneth Vignali, Incident Response Expert As a seasoned digital forensic and incident responder, I have come to appreciate the value of certain logs from parts of an organization’s security stack. Before investigating any cyber incident, it is extremely critical to ensure that
About a decade ago, in the good old “just SIEM it” days, the SOC was typically measured on quantity – the number of alerts validated, number of investigations escalated, number of infections mitigated, and so on. The challenges were how to make the SIEM work better – aggregation of events,
Executive Summary The ongoing shift to cloud-based offerings – SaaS, IaaS and PaaS – provides major advantages to customers. These include fast deployments, a modern & effective environment and enhanced security capabilities that traditional IT organizations cannot deliver on their own, due to high investment costs, fast-changing technology and gaps
In this Malware Analysis Spotlight, we are investigating a variant of the phishing kit created by Xbalti. Originally, there were two phishing kits developed by Xbalti. The first one is targeting Chase Bank customers, while the other one, which is the topic of this spotlight is targeting Japanese Amazon customers.
For organizations of all sizes, cyber attacks are not a matter of if, but when. Given that an organization is going to experience security incidents, attacks and even breaches, a cyber incident response team and plan is critical. In a sophisticated threat landscape, what are the key considerations to building
As the cyber-threat landscape evolves and data breaches become more common, incident response has become more critical than ever. A CSIRT (Computer Security Incident Response Team) is a body of people assigned with the responsibility of responding to and minimizing the impact of any incidents that affect the organization. This
Introduction – Sign In To Continue Engineers have put a lot of work into making today’s websites effortless to browse. When we browse the web, we typically reach the function of a website we want without ever thinking about what we need to click. Websites present their options clearly, and
When it comes to incident response, the quicker a business deals with the threat, the better. It’s not just about being able to respond in a timely manner, it’s also about having the right persons and plan in place to deal with the event effectively. How to Build An Effective
VMRay Now Defends your Business and Brand with ETD In case you missed it, the world of cybersecurity changed over the last six months. McKinsey put it politely this way in a recent report: security teams “must no longer be seen as a barrier to growth but rather become recognized
Today, organizations of all sizes now become targets of cyber threats. There is always the ominous risk that cybercriminals can gain access to an organization’s network – which is still, despite all efforts of moving data to the cloud, the central backbone of many organizations’ infrastructure. Once an attacker is
Introduction In this Malware Analysis Spotlight, we will take a look at a phishing attempt targeting customers of the popular US-based bank Chase. We discovered the URL of the phishing page at the end of March 2021 and found several similar pages. The phishing page uses JQuery and Ajax to
Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user
Introduction In this Malware Analysis Spotlight, we’ll share our research about a phishing kit that was used at the end of March to steal banking information of Polish users of the OnLine eXchange (OLX) trading platform. We are referring to the phishing kit as Blackhat_Coder based on the Telegram user
Hancitor can be grouped into the category of downloaders that are often responsible for delivering further malware families into a compromised network. Recently, it has been observed delivering the Ficker Stealer, Cobalt Strike, and the Cuba ransomware among others. It is usually distributed to the victim via malicious spam campaigns
Agent Tesla is a spyware that has been around since 2014. It’s in active development, constantly being updated and improved with new features, obfuscation, and encryption methods. The malware is sold as a service with a relatively cheap licensing model, which makes it particularly easy to use and can explain
With the release of version 4.0 last year, the VMRay Platform took a huge leap forward and further solidified itself as the preeminent software for SOC and CERT teams that need automated analysis and detection of advanced threats. Version 4.1 further rounded out the offering with incremental yet significant enhancements,
Introduction to SocialPhish – An Open-Source Phishing Toolkit In the following Malware Analysis Spotlight, we will take a look at phishing campaigns that are likely generated by abusing an open-source phishing toolkit – SocialPhish. SocialPhish’s README states that at least some of its phishing templates were generated by SocialFish (another
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!