Category: Malware Analysis

Tracing Blockchain-Controlled Malware Across Chains: A Joint Investigation by VMRay and Iknaio

Threat actors are constantly evolving their tactics. One increasingly observed technique involves abusing public blockchains, specifically the Binance Smart Chain (BSC), as Command-and-Control (C2) infrastructure for malware operations. By hosting malicious code on-chain, attackers can circumvent traditional blocking mechanisms: smart contracts cannot simply be taken down like a conventional web

Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities

TLP: Green 🟢 Disclaimer: At VMRay, we believe in supporting the broader research community, as we know that collective intelligence is our best defense. To that end, we recently collaborated with independent researcher Pol Thill on a deep-dive investigation into a series of complex campaign clusters. Utilizing

2026-02-05

Climbing the Pyramid of Lumma Pain

Introduction In this blogpost, we will discuss how malware analysis supports threat intelligence, specifically by climbing the Pyramid of Pain. To this end, we will take a deep dive into Lumma Stealer samples and Command-and-Control (C2) infrastructure. We will provide insights into the C2 domain lifecycle for Lumma, as well

2025-06-13

Alert Triage 101: What It Is and How to Streamline It for Your SOC

Security operations centers (SOCs) face an overwhelming reality: thousands of security alerts flood their systems daily, but only a fraction represent genuine threats. This comprehensive guide explores alert triage fundamentals, common challenges, and proven strategies to streamline your SOC’s response capabilities. As cybersecurity experts with deep experience in threat detection

DLL Sideloading: What It Is and How to Detect It

Introduction DLL sideloading is a widely used attack technique that exploits how Windows applications load dynamic link libraries (DLLs). Threat actors use it to execute malicious payloads while evading traditional security measures. This post explores how this attack technique works, why it is attractive to attackers, and the best methods

2024-10-21

Latrodectus: A year in the making

Overview First identified in October 2023, Latrodectus malware has since evolved significantly, becoming a key player in the cybercriminal ecosystem. The malware works mainly as a loader/downloader. Latrodectus malware has strong ties with the former, infamous loader IcedID, which was taken down in May 2024,

2024-03-26

Healthcare Under Ransomware Attacks – Part 3: Rhysida

Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second: the return of LockBit 3.0. Part 3: Rhysida Another ransomware as a service

2024-03-26

Healthcare Under Ransomware Attacks – Part 2: LockBit

Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second: the return of LockBit 3.0. Part 2: The End of LockBit? Not So

Healthcare Under Ransomware Attacks – Part 1: BlackCat/AlphV

Ransomware. One word that keeps many IT Administrators and SOC Analysts awake at night. And when it comes to the healthcare industry, the recent ransomware attacks of 2024 have led many IT security practitioners to burn the midnight oil late into the night. Three Ransomware attacks and data breaches in

2024-03-21

Just Carry A Ladder – Why Your EDR Let Pikabot Jump Through

Overview Pikabot has posed significant challenges to many Endpoint Detection and Response (EDR) systems through its employment of an advanced technique to hide its malicious activities known as “indirect system calls” (or “indirect syscalls”). This is only one of multiple techniques this family employs to evade detection: Pikabot distinguishes itself
