Year: 2017 | Securelist

In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. It’s holiday season and it is our pleasure to share this script with you.

Loading...

Authors Categories Tags

Subscribe

Reports

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

Archive

Happy IR in the New Year!

Nhash: petty pranks with big finances

Travle aka PYLOT backdoor hits Russian-speaking targets

Jack of all trades

Kaspersky Security Bulletin. Overall statistics for 2017

Still Stealing

Cybercriminals vs financial institutions in 2018: what to expect

Kaspersky Security Bulletin: Review of the Year 2017

Kaspersky Security Bulletin: Story of the year 2017

IoT lottery: finding a perfectly secure connected device

Android commercial spyware

Threat Predictions for Connected Life in 2018

Kaspersky Lab – Beyond Black Friday Threat Report, November 2017

Investigation Report for the September 2014 Equation malware detection incident in the US

Threat Predictions for Cryptocurrencies in 2018

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Subscribe

Reports

CloudSorcerer – A new APT targeting Russian government entities

APT trends report Q1 2024

ToddyCat is making holes in your infrastructure

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Subscribe to our weekly e-mails