Internet Explorer and Windows zero-day exploits used in Operation PowerFall

In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote Read More …

Script-Based Malware: A New Attacker Trend on Internet Explorer

Over the past few months, we have detected sophisticated script-based malware through Internet Explorer (IE) browser exploits that infect Windows Operating System (OS) users. We decided to investigate those scripts to identify their key features to demonstrate that they are Read More …

WastedLocker ransomware abuses Windows feature to evade detection

The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. Before we get to how WastedLocker is evading detection, it is necessary to understand how anti-ransomware solutions detect ransomware. Anti-ransomware solutions will monitor the Read More …

MATA: Multi-platform targeted malware framework

As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Read More …

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

Researchers at FireEye recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere Read More …