
HermeticWiper Malware
OVERVIEW The HermeticWiper malware variant was first identified by researchers from ESET and Broadcom’s Symantec on February 23, 2022 and has been observed attacking Ukrainian
OVERVIEW LockBit is a ransomware variant that was first seen in September 2019, and has been prevalent in ransomware attacks ever since. The variant encrypts
Many adversaries abuse Visual Basic (VB) for execution. VB is a programming language created by Microsoft that interoperates with many Windows technologies, such as the Component Object Model and the Native API, through the Windows API. Although tagged as legacy with no planned future evolution, VB is integrated and supported in the .NET Framework and the cross-platform .NET Core. VB can be abused in Microsoft Office macros, as standalone script files, within HTA files, and on the command line as a method of evading detection, hiding code, or otherwise as a method of general execution. In the targeted technique, an adversary stores an HTA application or VBScript in a registry key and uses a script interpreter or rundll32 to run VBScript that executes the code from the registry. This is a defense evasion method: the code is hidden in an unexpected location but can still be executed.
OVERVIEW The BlackByte Ransomware variant was first publicly recognized in July of 2021, spawned by a threat group by the same moniker. The variant is
OVERVIEW The WhisperGate malware variant was first identified by the MSTIC (Microsoft Threat Intelligence Center) on January 13, 2022 and has been attributed to the nation-state
OVERVIEW The SysJoker Backdoor is believed to have been active since the end of 2021, first discovered by Intezer researchers and believed to be attributed
Log4Shell Threat Update – 2 Jan 2022 Cyborg Security has published an additional three Hunt Packages related to CVE-2021-44228 (Log4Shell), with the intent to provide
InstallerFileTakeover (CVE-2021-41379) is a local privilege escalation vulnerability in Windows systems, which enables an attacker to elevate privileges on fully patched Windows 10, 11, and
OVERVIEW TrickBot (TrickLoader, Trickster, TheTrick, TrickLoader, Totbrick, TSPY_TRICKLOAD, TrickBot) is a semi-modular, pervasive, banking trojan which has been observed since mid-2016. The malware appears to
THREAT DESCRIPTION – Windows Discovery and Execution Processes When malware or an adversary compromises a system, they often employ excessive Windows discovery and execution processes,