
Tag: Indicators of Compromise (IoC)

Overwatch and Call of Duty won't be Olympic sports any time soon.
Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT.

From their high-volume 0-day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report on, and protect against. 2017 was no different in this regard.
In October 2017, we learned of a vulnerability in Telegram Messenger's Windows client that was being exploited in the wild.
It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate with its C&C.

That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling.
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild.
In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago.
In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users' computers.

This time, we'd like to dwell more on how exactly the computers of gullible users start working for cybercriminals.
During the past few years, the number and quality of attacks aimed at financial sector organizations have continuously grown.

The financial institutions that have not already thought about cyber security will soon face the consequences of hacker attacks.
Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe.
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process.

Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe.

But some samples employ other interesting methods. We're going to discuss one such type of malware.