We present our analysis of HermeticRansom (aka Elections GoRansom) ransomware that was likely used as a smokescreen for the HermeticWiper attack.

InQuest provides Deep File Inspection (DFI) for real-time protection and RetroHunting to leverage hindsight and apply today's intelligence to yesterday's data.

We explain how PartyTicket ransomware used in Ukraine attacks only superficially encrypts files, and outline how it's possible to recover the encrypted files.

Proofpoint has identified a campaign using a Lua-based malware dubbed SunSeed. Learn more about the attack with Proofpoint's in-depth report.

Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

ESET researchers uncover IsaacWiper, a new wiper that attacks Ukrainian organizations and HermeticWizard, a worm spreading HermeticWiper in local networks.

FortiGuard Labs provides a deep analysis of the evolution of SoulSearcher malware focusing on a malicious DLL payload module. With reverse engineering the team analyzes the different components and…

FortiGuard Labs has discovered evidence that the Nobelium Group is impersonating someone associated with the Turkish embassy as a lure to introduce a Cobalt Strike beacon payload and gain access. R…

Perhaps one of the most interesting leaks for the threat intelligence community, the Conti data dumps will provide invaluable data for a long time to come.

Malware Analysis Report - Rewterz | LokiBOT

In the morning of February 22nd, the ASEC analysis team has discovered the redistribution of Magniber that disguised itself as normal Windows Installers (MSI) instead of the previous Windows app (APPX) The distributed Magniber files have MSI as their extension…

Researchers at Zscaler discovered a DDoS attack launched by DanaBot against the Ukrainian Ministry of Defense.

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 21st, 2022 (Monday) to February 27th, 2022 (Sunday). For the main category,…

On February 24th, the Avast Threat Labs discovered a new ransomware strain accompanying the data wiper HermeticWiper malware,  which our colleagues at ESET found circulating in the Ukraine. Following this naming convention, we opted to name the strain we…

Cyble Research Labs analyzes significant acts of cyberwarfare that have occurred so far in the Russia-Ukraine Conflict.

The Vultur malware is delivered as an add-on payload via a fake app called 2FA Authenticator, which over 10,000 people have downloaded.

Cyble researchers analyze the new attack vectors being leveraged by the recently resurfaced Emotet Malware.

Security researchers at Cyble Research Labs have compiled a list of critical incidents in the escalating Russia-Ukraine conflict.

Hours before the invasion of Ukraine by Russian forces, a new piece of malware was launched at Ukrainian targets. In this blog post, we take apart its components and highlight its capabilities.