The developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Constantly keeping their attack up to date helps them bypass detection technologies through several distinct approaches, the latest of which we detail in this blog.
Read MoreDuring 2021 Morphisec identified an increased usage of the “HCrypt” crypter. In this post, we will lockpick “HCrypt” – a crypter as a service that is marketed as a FUD (fully undetectable) loader for the client`s RAT of choice. We chose to dissect the crypter’s operations along with tracking several actors that utilize it.
Read MoreThe MineBridge RAT was first identified in January 2020 by security researchers at FireEye, who observed the backdoor attacking financial institutions in the United States with some targets located in South Korea as well. MineBridge was initially classified as a C++ backdoor that was delivered via phishing campaigns.
Read MoreEgregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.
Read MoreDuring the period between January 15 and 20, Morphisec identified a significant campaign targeting multiple German customers from the manufacturing industry. Targeted personnel were redirected to compromised websites that were, and still are, delivering advanced fileless downloaders that eventually lead to an Osiris client with a bundled mini-Tor communicating to a C2 onion Tor panel.
Read MoreIn this post, we will be covering CinaRAT loader`s evasive TTPs (tactics, techniques, and procedures) as have been identified and prevented by Morphisec’s zero-trust endpoint security solution, powered by moving target defense technology.
Read MoreThis report has been updated with assistance from the cybersecurity community.
Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that our researchers were proud to share with MITRE and the InfoSec community at large. Fin7 is a well-funded financially motivated cybercrime group. Their advanced techniques and tactics were even emulated in the third round of the MITRE ATT&CK evaluations.
Read MoreAn Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, some are independent and some act as a modular part of a larger task such as a Banking Trojan (Trickbot) or a RAT.
Read MoreThe Agent Tesla information stealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor partially due to the fact that cracked versions of it have been leaked.
Read MoreThe Morphisec Labs team has prevented on our customers’ sites a massive Trickbot and Emotet phishing campaign during the 10th and 11th of September. Trickbot is one of the most advanced malware frameworks active today; it constantly evolves with more innovative methods to achieve its goals.
Read More
