Usually, Adwares are not a particularly interesting research subject. However, when we detected a DealPly variant that evaded AV detection we decided to dig deeper.
Malware, enSilo Breaking Malware, Process Doppelganging, Threat Intelligence
A new loader-type malware adopted a technique similar to Process Doppelgänging and spread like wildfire in the last year and half. This loader is a significant threat, besides GandCrab, that closed up shop earlier this year, it delivers over a dozen other payloads like FormBook, LokiBot, SmokeLoader, AZORult, NetWire, njRat and Pony stealer.
Malware, enSilo Breaking Malware, Threat Intelligence
Article Summary
In May 2019, enSilo’s Threat Intelligence team observed activity by a cybercrime group, spreading Metamorfo - A Brazilian banking trojan. The variants we discovered abuse an executable digitally signed by Avast, which is one of the most popular AV products in the world for consumers. We were able to connect this activity to a
Malware, APT, enSilo Breaking Malware, APT10, Threat Intelligence
Article Summary
In April 2019, enSilo detected what it believes to be new activity by Chinese cyber espionage group APT10. The variants discovered by enSilo are previously unknown and deploy malware that is unique to the threat actor. These malware families have a rich history of being used in many targeted attacks against government and
Combining YETI, an open-source threat intelligence project, with Elastic Stack is a great way to simplify and enhance the work performed by researchers and threat hunters.
Read More
L0rdix, currently available for purchase in underground forums, is aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools and is designed to be a universal "go-to" tool for attackers. Indicators suggest the tool is still under development and we expect to encounter more
Read More
An active and stealthy cryptocurrency mining and ransomware campaign infecting targets in Spain and France which leverages multiple bypass techniques to evade detection by traditional AV.
cybersecurity, Windows, enSilo Breaking Malware, meltdown, KPTI, PatchGuard
The mitigation for Meltdown created a new part in the kernel which PatchGuard left unprotected, making hooking of system calls and interrupts possible, even with HVCI enabled.
cybersecurity, enSilo Breaking Malware
On August 8th, at the BSides Conference in Las Vegas, we unveiled a new exploitation technique against the Microsoft Windows operating system. It's a general technique to leverage with kernel vulnerabilities and make privilege escalation easier.
Tags
- enSilo Corporate and Product (204)
- Weekly Security News (96)
- Windows (50)
- Malware (45)
- cybersecurity (31)
- enSilo Breaking Malware (28)
- Industry (23)
- Research (23)
- Business (14)
- Ransomware (13)
- code injection (9)
- Vulnerabilities (7)
- AtomBombing (6)
- WannaCry (6)
- POS malware (5)
- RAT (5)
- APT (4)
- NSA (4)
- Process Doppelganging (4)
- exploit (4)
- Endpoint Protection (3)
- Mac OS X (3)
- Moker (3)
- NotPetya (3)
- Threat Intelligence (3)
- UAC (3)
- Web Malware (3)
- documentation (3)
- hooking (3)
- vulnerability (3)
- Android (2)
- ArdBot (2)
- CFG (2)
- Control Flow Guard (2)
- Emotet Botnet (2)
- Fileless Malware (2)
- Furtim (2)
- Gartner (2)
- GlobeImposter (2)
- Injection Techniques (2)
- Windows XP (2)
- av (2)
- elevation (2)
- meltdown (2)
- tools (2)
- APC (1)
- APT10 (1)
- Bad Rabbit (1)
- CVS (1)
- CryFile (1)
- Detours (1)
- ESTEEMAUDIT (1)
- Equifax (1)
- FindADetour (1)
- GOZI (1)
- HIPAA (1)
- Hancitor (1)
- KPTI (1)
- Linux (1)
- Lockerpin.A (1)
- MSSP (1)
- ModPOS (1)
- NtSetInformationVirtualMemory (1)
- PCI DSS (1)
- Patch (1)
- PatchGuard (1)
- SCADA (1)
- Scarab (1)
- Unix (1)
- Verizon (1)
- Windows 10 (1)
- anti-virus (1)
- avulnerabilitychecker (1)
- bypass UAC (1)
- command injection (1)
- environment variable (1)
- excel-scriptlet (1)
- hospitality (1)
- media (1)
- path redirect (1)
- spectre (1)
- variable expansion (1)
- variables (1)
Subscribe
Subscribe to enSilo's Blog
and Stay on Top of the
Latest Security Research
and Industry News