In the world of malware analysis, there is sometimes confusion between the terms “artifacts” and “indicators of compromise (IOCs).” This is understandable because many malware analysis engines don’t distinguish between the two. First, let’s define the terms. When a malware sandbox dynamically analyzes a threat, it collects pieces of forensic data observed during runtime. This […]
In this Malware Analysis Spotlight, VMRay Labs looks at the behavior of a phishing site distributed through an SMS message. Based on the content of the SMS message, this does not seem to be part of a targeted attack but rather part of a massive phishing campaign aimed at users of Apple products. […]
Living off the Land Binaries – aka LOLBins – represent one of the more creative and insidious malware threats today. Attackers use LOLBins to evade detection by manipulating legitimate systems and processes for malicious purposes. In this post—condensed from a SANS webcast featuring SANS Analyst Jake Williams and VMRay Sr. Research Analyst Tamas Boczan explain why […]
In April 2020, the systems of Portuguese multinational energy giant Energias de Portugal (EDP) were encrypted by RagnarLocker Ransomware. The operators of RagnarLocker demanded a ransom of 1580 Bitcoin ($10.9M). Based on the ransom notes left on EDP’s systems (Figure 1), which directly mentioned the company, it’s clear that it was a targeted attack and the malware authors […]
VMRay is proud to announce our partnership with threat intelligence vendor Anomali to provide access to VMRay Analyzer via the Anomali APP Store. Anomali ThreatStream customers can now access our groundbreaking malware analyzer via an existing subscription, a new license purchased through the App Store, or a free trial version. The Anomali and VMRay joint solution […]