Introduction We know malware doesn’t take a day off, but we hope you will enjoy the winter holiday season. Welcome back, and let’s start the new year with another awesome release of VMRay Analyzer. The first news is improving our release versioning convention. The release name now reflects a chronological
Introduction The ML series blogs we posted, recently, focused on the details of creating ML models addressing VMRay’s defined use case, which is enhancing its phishing URL detection. In this series, we tackled how we engineered features (i.e. feature engineering) to be used in model training, using the clean output
Introduction In April of 2022 we’ve observed new Emotet samples which implemented considerable changes to the way they store and decode their configuration. For Emotet, the relevant information stored in a config file is the IP address and a port number. Each of them is stored in the form of
Introduction The major focus of the VMRay Platform v4.7 release is its enhanced support for security automation. We’ve also made some improvements to the platform’s core capabilities. Here are some of the highlights: New dashboard to ease customers’ journey towards full security automation with VMRay. Enhancements to the IR Mailbox
Introduction Malware threat landscape is constantly shifting towards advanced and targeted cyber attacks. It’s hard to find the balance between the increasing need for higher level of detection with to overwhelming your teams with higher volume and frequency of alerts, which lead to alert fatigue. It’s not just about detecting
Introduction In this Spotlight, we take another look at GuLoader. The malware family is active since at least 2020. It gained some attention because of its evasion techniques and abusing legitimate and popular cloud services to host its malicious payloads. The downloader is commonly used to deliver other malware families
For the last 10 years I worked in the EU and Asia-Pacific regions, but in 2021, I became the Chief Information Security Officer (CISO) for a regional US Bank. This new experience has been both challenging and exciting. Below are five key lessons learned from my first year as a
The VMRay Platform v4.6.0 release incorporates several new features and enhancements to help CERT and incident response teams enhance the efficiency of their operations. Here are some of the highlights: Improved overviews of manual searches conducted by enterprise SOC teams and managed security services providers (MSSPs). Support for macOS Big
Why (and which) data is essential to create a reliable Machine Learning model? Machine Learning Blog Post Series – 4: By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Why we need Machine Learning in Cybersecurity, and
Introduction VMRay Analyzer version 4.5 adds the capability to extract malware configurations. In this blog post we take a deep dive into malware configurations: what are they, how can they be used, and how VMRay Analyzer extracts and presents them. How Do I Use an Extracted Malware Configuration? The configuration
Why do we need Machine Learning in cybersecurity and how can it help? Machine Learning Blog Post Series – 3 By Shazia Saqib MACHINE LEARNING BLOG SERIES Machine Learning & Cybersecurity – An Introduction The main concepts of AI and Machine Learning Data – The fuel that powers Machine Learning
Introduction Artificial intelligence, and more precisely machine learning (ML), has become an almost omnipresent topic in the tech industry over the last decade. ML is applied to all kinds of problems, from image and speech recognition, online fraud detection, up to stock market predictions. It seems just natural to also
Writing this introduction for the Platform 4.5.0 release has been a thrill, considering its incredible content. Yet, it wasn’t an easy task. How can you find a common theme for a release that includes two new, yet different, major capabilities? One, a breakthrough in phishing detection using Machine Learning. Two,
The Main Concepts of AI and Machine Learning: An Overview By Martin Rupp Blog Series 1: Machine Learning and Cyber Security: An Introduction Blog Series 1: Machine Learning and Cyber Security: An Introduction The WEF forecasts the global value of AI in cyber security to grow up to 46 billion
Blog Series The Main Concepts of AI and Machine Learning Why do we need Machine Learning in Cybersecurity, and how can it help? Data: The fuel that powers Machine Learning AI is everywhere. Its usage is most often connected with virtual assistants such as Cortana or Siri for example or
Updated on: 2024-12-02 Smoke Loader is a malware downloader that is capable of downloading and deploying other payloads or additional plugins. Its plugins offer functionality related to credentials and cookie stealing , DDoS, or remote access. Smoke Loader has been used to download various threats and secondary payloads like the
Sing Malware Sandboxes for Initial Triage and Incident Response By Koen Van Impe Learn from this practical case study how VMRay Analyzer helped with getting an accurate and noise-free analysis for initial triage and obtaining the relevant indicators of compromise for faster incident response. Computer security is a fast moving
Emotet’s Use of Cryptography Presented by the VMRay Labs Team The group behind Emotet is the prime example of a very successful criminal enterprise. Emotet started out as a banking malware but over time evolved into a large botnet providing something akin to a malicious IaaS (Infrastructure-as-a-Service). It started providing
Basic Automation with the VMRay API By Koen Van Impe Learn more about integrating VMRay Analyzer in different areas of your organizations and how to use its API to automate the submission and processing of the analysis of malware. According to a report from Honeywell the use of USB removable
XLoader’ Cross-platform Support Utilizing XBinder From the VMRay Labs Team Introduction Lately, a rebranded version of the stealer FormBook named XLoader has emerged. In contrast to FormBook, which targets Windows only, XLoader supports macOS as well. During our research, we observed Office documents, which exploit vulnerabilities in MS Office products,
Phishing Kit Kuzuluy Impersonating Paypal In this Malware Analysis Spotlight, we will take a look at a phishing kit related to Kuzuluy, also known as KuzuluyArt. According to Twitter user MaelSecurity, there was a Phishing-as-a-Service associated with Kuzuluy impersonating PayPal in late 2019. At the time of our research, the
Investigating Cyber Incidents Using the Security Stack By Kenneth Vignali, Incident Response Expert As a seasoned digital forensic and incident responder, I have come to appreciate the value of certain logs from parts of an organization’s security stack. Before investigating any cyber incident, it is extremely critical to ensure that
About a decade ago, in the good old “just SIEM it” days, the SOC was typically measured on quantity – the number of alerts validated, number of investigations escalated, number of infections mitigated, and so on. The challenges were how to make the SIEM work better – aggregation of events,
Executive Summary The ongoing shift to cloud-based offerings – SaaS, IaaS and PaaS – provides major advantages to customers. These include fast deployments, a modern & effective environment and enhanced security capabilities that traditional IT organizations cannot deliver on their own, due to high investment costs, fast-changing technology and gaps
In this Malware Analysis Spotlight, we are investigating a variant of the phishing kit created by Xbalti. Originally, there were two phishing kits developed by Xbalti. The first one is targeting Chase Bank customers, while the other one, which is the topic of this spotlight is targeting Japanese Amazon customers.
For organizations of all sizes, cyber attacks are not a matter of if, but when. Given that an organization is going to experience security incidents, attacks and even breaches, a cyber incident response team and plan is critical. In a sophisticated threat landscape, what are the key considerations to building
As the cyber-threat landscape evolves and data breaches become more common, incident response has become more critical than ever. A CSIRT (Computer Security Incident Response Team) is a body of people assigned with the responsibility of responding to and minimizing the impact of any incidents that affect the organization. This
Introduction – Sign In To Continue Engineers have put a lot of work into making today’s websites effortless to browse. When we browse the web, we typically reach the function of a website we want without ever thinking about what we need to click. Websites present their options clearly, and
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!
