Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Malware. By Buddy Tancio, Abraham Camba, Catherine Loveria. February 24, 2023.

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used (via the DLL…
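The x32dbg.exe case above is DLL sideloading: a legitimate, often signed or well-known executable is dropped next to an attacker-supplied DLL that it loads by name from its own directory before Windows searches the system directories. The block below is an added example, not code from the Trend Micro investigation. It runs one detection heuristic over Sysmon-style ImageLoad (Event ID 7) records: flag a DLL loaded from the process's own directory, outside the Windows system directories, when the DLL is unsigned or signed by a different publisher than the process image. The events, paths, publisher names and the DLL name helper.dll are constructed for illustration and are not indicators from the write-up.

```python
"""Heuristic DLL-sideloading detector over Sysmon-style ImageLoad (Event ID 7) records.

Added example; not code from the Trend Micro post. Publisher names are used as
a stand-in for the signer information Sysmon exposes in the Signature field.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ImageLoad:
    process_image: str   # Sysmon "Image": the executable doing the load
    process_signer: str  # publisher that signed the executable; "" if unsigned
    loaded_image: str    # Sysmon "ImageLoaded": the DLL that was mapped
    loaded_signer: str   # publisher that signed the DLL; "" if unsigned


# Normal home of OS DLLs; loads from here are not sideloads by this heuristic.
SYSTEM_DIRS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\windows\\winsxs",
)


def _dir(path: str) -> str:
    """Lower-cased parent directory of a Windows path."""
    return str(PureWindowsPath(path).parent).lower()


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when the load pattern matches a DLL sideloaded next to the executable."""
    if PureWindowsPath(ev.loaded_image).suffix.lower() != ".dll":
        return False
    dll_dir = _dir(ev.loaded_image)
    if dll_dir.startswith(SYSTEM_DIRS):
        return False
    # Sideloading depends on the DLL sitting in the same directory as the EXE,
    # which is searched before the system directories.
    if dll_dir != _dir(ev.process_image):
        return False
    # A DLL signed by the same publisher as the executable is the vendor's own
    # component; an unsigned DLL, or one signed by someone else, is suspicious.
    if ev.loaded_signer and ev.loaded_signer.lower() == ev.process_signer.lower():
        return False
    return True


def find_sideloads(events):
    """Return the events that match the sideloading heuristic, in input order."""
    return [ev for ev in events if is_sideload_candidate(ev)]


# Constructed sample events (paths, signers and helper.dll are illustrative only).
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Users\Public\Tools\x32dbg.exe", "",
              r"C:\Users\Public\Tools\helper.dll", ""),
    ImageLoad(r"C:\Users\Public\Tools\x32dbg.exe", "",
              r"C:\Windows\System32\kernel32.dll", "Microsoft Windows"),
    ImageLoad(r"C:\Program Files\Vendor\app.exe", "Vendor Inc.",
              r"C:\Program Files\Vendor\lib.dll", "Vendor Inc."),
    ImageLoad(r"C:\Windows\System32\svchost.exe", "Microsoft Windows",
              r"C:\Windows\System32\rpcss.dll", "Microsoft Windows"),
    ImageLoad(r"C:\Program Files\Vendor\app.exe", "Vendor Inc.",
              r"C:\Program Files\Vendor\plugin.dll", ""),
]


if __name__ == "__main__":
    for ev in find_sideloads(SAMPLE_EVENTS):
        print(f"sideload candidate: {ev.process_image} -> {ev.loaded_image}")
```

The second hit (an unsigned plugin.dll in a vendor directory) shows the main false-positive class of this rule: vendors shipping unsigned components beside a signed binary. In a real pipeline that case is handled with an allowlist keyed on image hash or directory, while a debugger or other portable tool running from a user-writable path such as C:\Users\Public is the case worth escalating.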

A Deep Dive into the Evolution of Ransomware Part 2

Ransomware has become an increasingly damaging presence, wreaking havoc on organizations of all sizes and across industries. Without understanding the traditions that underpin these malicious strategies, combating them can feel like a daunting task. In part one, we explored ransomware’s evolution to gain perspective on how cybercriminals adapt their tactics in response to changing threats. This entry looks into the factors that trigger changes in cybercriminals’ business models.

Triggers for a paradigm shift

Cybercriminals are…

In Review: What GPT-3 Taught ChatGPT in a Year

ChatGPT spotted and called the error, recognizing not only the difference between the previous and latest uploaded code but also that the new code would not work altogether. The reason is in ChatGPT’s stateful session: by “remembering” the previously input correct snippet of code, the system is able to draw a direct comparison, something that GPT-3 was unable to do unless we provided the input ourselves. As further proof, we retried the experiment in…

A Deep Dive into the Evolution of Ransomware Part 1

Ransomware. By Trend Micro. February 21, 2023.

This three-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.

Ransomware has become a notorious and damaging form of malware, inflicting financial losses on enterprises, governments, healthcare organizations and core infrastructure. Ransomware has been a very profitable activity for malicious actors. However,…

Royal ransomware expands attacks by targeting Linux ESXi servers

Ransomware. By Nathaniel Morales, Ivan Nicole Chavez, Byron Gelera. February 20, 2023.

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following the same path: a new variant targeting Linux systems has emerged, and we provide a technical analysis of this variant in this blog.

Ransomware actors have been observed to expand their targets by…

Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack

APT & Targeted Attacks. By Joseph C Chen, Jaromir Horejsi. February 17, 2023.

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.

We discovered a…

Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns

Technical perspectives

Based on the arsenal and TTPs, we believe Earth Yako may be related to a number of existing groups. However, since we could only observe partial technical overlaps between Earth Yako and the following groups, we note that this is not our final attribution. We found overlaps with the following groups:

1. Darkhotel

Darkhotel (a.k.a. DUBNIUM) is a threat actor observed to frequently target Japanese organizations in the past. Earth Yako’s…

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

Malware. By Aliakbar Zahravi, Peter Girnus. February 09, 2023.

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.

We recently found an active campaign that uses a fake employment pretext targeting Eastern Europeans in the cryptocurrency industry to install an information stealer. In this campaign, the suspected Russian threat actors use several highly obfuscated and under-development…

Earth Zhulong Familiar Patterns Target Vietnam

Introduction

In 2022, we discovered a hacking group that has been targeting telecom, technology, and media sectors in Vietnam since 2020. We track this particular group as Earth Zhulong. We believe that Earth Zhulong is likely related to the Chinese-linked hacking group 1937CN based on similar code in the custom shellcode loader and victimology. In this post, we’ll introduce Earth Zhulong’s new tactics, techniques, and procedures (TTPs) in the recent campaign and the evolution of…

Earth Zhulong Familiar Patterns Target Southeast Asian Firms

Introduction

In 2022, we discovered a hacking group that has been targeting telecom, technology, and media sectors in Southeast Asia since 2020. We track this particular group as Earth Zhulong. We believe that Earth Zhulong is likely related to the Chinese-linked hacking group 1937CN based on similar code in the custom shellcode loader and victimology. In this post, we’ll introduce Earth Zhulong’s new tactics, techniques, and procedures (TTPs) in the recent campaign and the evolution…