Azure Serverless Security Risks Exposed by New Study

Serverless architectures are increasingly popular, as the cloud provider does most of the heavy lifting, allowing developers to focus on building and running their apps. But this popularity has attracted the scrutiny of threat actors. Although serverless environments have a relatively reduced attack surface, with certain responsibilities shifted to the cloud provider (CSP), users must be careful not to introduce extra risk. This could happen if they write insecure code, misconfigure assets or fail to…

Earth Preta Updated Stealthy Strategies

We categorize the different TTPs into six stages: arrival vectors, discovery, privilege escalation, lateral movement, command and control (C&C), and exfiltration. In our previous research, we covered most of the new TTPs and malware during the first stage, arrival vectors. However, we observed that some of the TTPs have changed. In the following sections, we focus on the updated arrival vectors and their succeeding stages. We previously summarized the arrival vectors used by Earth…

Emotet Returns, Now Adopts Binary Padding for Evasion

Once a user enables macros for the malicious document, it will download a ZIP file from one of seven hardcoded and obfuscated URLs (which will be iterated through until the file is successfully retrieved). The macro will then check if the response is 200 (indicating a successful retrieval of the file). If so, it will then check if that file is either a PE File or a…

Examining Ransomware Payments From a Data-Science Lens

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics

Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques,…

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Security recommendations and Trend Micro solutions

Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were enough tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the character they’re trying to pretend to be and, at times, are prepared to play the long con. To successfully combat spam or phishing threats, organizations must…

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

The CVEs used by the top five groups varied in severity (Figure 2), though most of these CVEs had a score of at least 7.2 on the Common Vulnerability Scoring System (CVSS). As Figure 3 shows, the bulk of these vulnerabilities were exploited as a means of privilege escalation at 54.3%, followed by those for remote code execution (RCE) at 17.4%.

Vulnerabilities exploited by the top five ransomware groups

CVE-2021-30119, which has the lowest CVSS…

A Deep Dive into the Evolution of Ransomware Part 3

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.

By: Trend Micro, February 27, 2023

Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises –…

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

By: Buddy Tancio, Abraham Camba, Catherine Loveria, February 24, 2023

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used (via the DLL…

A Deep Dive into the Evolution of Ransomware Part 2

Ransomware has become an increasingly damaging presence, wreaking havoc on organizations of all sizes and across industries. Without understanding the traditions that underpin these malicious strategies, combatting them can feel like a daunting task. In part one, we explore ransomware’s evolution to gain perspective on how cybercriminals adapt their tactics in response to changing threats. This entry looks into factors that trigger changes in cyber criminals’ business models.

Triggers for a paradigm shift

Cybercriminals are…

A Deep Dive into the Evolution of Ransomware Part 1

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.

By: Trend Micro, February 21, 2023

Ransomware has become a notorious and damaging form of malware, inflicting financial losses on enterprises, governments, healthcare organizations and core infrastructure. Ransomware has been a very profitable activity for malicious actors. However,…
