SpiderLabs Blog

Decoding Hancitor Malware with Suricata and Lua

November 6, 2018
Bryant Smith
Comments (0)

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

Read More

Bank Malspam Revisited

August 22, 2018
Phil Hay
Comments (0)

Last week we wrote about some malicious spam containing Microsoft Publisher files, leading to the FlawedAmmyy RAT, where the actors behind the campaign were targeting banks. The same actors have resumed business today, however this time, they embedded the Publisher...

Read More

Malspam Campaign Targets Banks Using Microsoft Publisher

August 17, 2018
Homer Pacag
Comments (0)

It's very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and...

Read More

Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?

August 1, 2018
Simon Kenin
Comments (0)

On July 31st , just after getting back to the office from my talk at RSA Asia 2018 about how cyber criminals use cryptocurrencies for their malicious activities, I noticed a huge surge of CoinHive in Brazil. After a quick...

Read More

DanaBot Riding Fake MYOB Invoice Emails

July 16, 2018
Dr. Fahim Abbasi
Comments (0)

Authors: Dr. Fahim Abbasi and Diana Lopera We recently observed phishing emails targeting Australian customers with fake MYOB invoices. Instead of the usual HTTP links, these emails were ridden with FTP links pointing to compromised FTP servers. While most of...

Read More

All Your Base64 Are Belong To Us – Dynamic vs. Static Analysis of Web Content

April 11, 2018
Simon Kenin
Comments (0)

I recently encountered an interesting phishing scheme when reviewing telemetry of incidents blocked by Trustwave Secure Web Gateway (SWG). My investigation into the scheme uncovered some interesting points and led me here: Figure 1: Phishing content only blocked by 1/67...

Read More

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

February 21, 2018
Dr. Fahim Abbasi
Comments (0)

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

Read More

Multi-Stage Email Word Attack Without Macros

February 14, 2018
Homer Pacag
Comments (0)

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Read More

SpiderLabs^® Blog

Showing 8 results for: 2018 ×Malware ×

Decoding Hancitor Malware with Suricata and Lua

Bank Malspam Revisited

Malspam Campaign Targets Banks Using Microsoft Publisher

Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?

DanaBot Riding Fake MYOB Invoice Emails

All Your Base64 Are Belong To Us – Dynamic vs. Static Analysis of Web Content

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

Multi-Stage Email Word Attack Without Macros