threat analysis


Because of the recent outbreak of the Locky ransomware, Dridex has become synonymous with the distribution of ransomware more generally. However, Dridex is still taking good care of its notorious original business: banking Trojans. While preparing the materials for my upcoming HITBAMS2016 talk on kernel exploit hunting and mitigation, I came across this new variant of Dridex (SHA1: 455817A04F9D0A7094038D006518C85BE3892C99), which is rather interesting. The Master of Antivirus Killers: Based on some simple string checks, we assumed... [Read More]
by Wayne Chin Yick Low  |  Mar 23, 2016  |  Filed in: Security Research
A psychologist might tell you that the way a child plays in the sandbox is a reflection of how they will act in their adult life. The same is true for malicious software, though we aren't speaking about the same kind of sandbox. There is a growing concern among security professionals about advanced persistent threats (APTs). The problem is not new, but it is of growing importance. Now, more than ever, highly targeted attacks (often specifically crafted to beat traditional defenses) pose a significant risk to enterprise-level organizations. Despite advances... [Read More]
by David Finger  |  Nov 19, 2013