Moker: A new APT discovered within a sensitive network

Research, Windows, Malware, APT, Moker, RAT, enSilo Corporate and Product

Recently, enSilo found an Advanced Persistent Threat (APT) residing in a sensitive network of a customer. This APT appears to be a Remote Access Trojan (RAT) that is capable of taking complete control of the victim’s computer. To date, this APT is unknown and does not appear in VirusTotal. Moker was the file description that the malware author

Read More

Moker, Part 1: Dissecting a New APT Under the Microscope

Windows, Web Malware, Malware, APT, Moker, RAT, enSilo Breaking Malware

Recently, we came across Moker, an advanced malware residing in a sensitive network of a customer. Since the malware did not try to access an external server, but rather tamper with the system inner workings, we decided to give this malware a second look. (This kind of work is part of developing complete endpoint security software.)

Read More

“Selfie”: A Tool to Unpack Self-Modifying Code using DynamoRIO

tools, Windows, Malware, enSilo Breaking Malware, Endpoint Protection

TL;DR: In this blog post we describe Selfie, a tool we have developed that automates finding the OEP for a majority of malwares packed with self-modifying code. The Selfie tool is now open-sourced, compiled to 32-bit, and can be found here.

Read More

NanoCore RAT: It’s Not 100% Original

Research, Windows, Malware, RAT, enSilo Corporate and Product

A few days ago, a cracked full-version of the NanoCore Remote Access Trojan (RAT) tool was leaked.

With scarce existing documentation of NanoCore we decided to investigate ourselves NanoCore’s core set of features and techniques. (We do this as part of enSilo’s development of the best endpoint security software.) What we found was that although

Read More