Cyentia Cybersecurity Research Library
  • Sources
  • Tags
  • About
  • Sponsors
  • More from Cyentia

Malware Defenses

Below you will find reports with the tag of “Malware Defenses”

image from DragonOK Updates Toolset and Targets Multiple Geographic Regions

DragonOK Updates Toolset and Targets Multiple Geographic Regions

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. In recent months, Unit 42 has observed a number of attacks that we attribute to this group. Multiple new variants of the previously discussed sysget malware family have been observed in use by DragonOK. Sysget malware was delivered both directly via phishing emails, as well as in Rich Text Format (RTF) documents exploiting the CVE-2015-1641 vulnerability (patched in MS15-033) that in turn leveraged a very unique shellcode. Additionally, we have observed instances of the IsSpace and TidePool malware families being delivered via the same techniques. While Japan is still the most heavily targeted geographic region by this particular actor, we also observed instances where individuals or organizations in Taiwan, Tibet, and Russia also may have been targeted.

(more available)
Added: November 15, 2018
image from KingSlayer - A Supply Chain Attack

KingSlayer - A Supply Chain Attack

In this Kingslayer post-mortem report, RSA Research describes a sophisticated software application supply chain attack that may have otherwise gone unnoticed by its targets.

(more available)
Added: November 15, 2018
image from From Shamoon To Stonedrill

From Shamoon To Stonedrill

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. 2. Details on the ransomware functionality found in Shamoon 2.0. This functionality is currently inactive but could be used in future attacks. 3. Details on the newly found StoneDrill functions, including its destructive capabilities (even with limited user privileges). 4. Details on the similarities between malware styles and malware components’ source code found in Shamoon, StoneDrill and NewsBeef.

(more available)
Added: November 15, 2018
image from BlackOasis APT and new targeted attacks leveraging zeroday exploit

BlackOasis APT and new targeted attacks leveraging zeroday exploit

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. "

(more available)
Added: November 15, 2018
image from Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

This blog post continues discussion about the CCleaner supply chain attack.

Added: November 15, 2018
image from FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

(more available)
Added: November 15, 2018
image from TRISIS Malware

TRISIS Malware

In mid-November 2017, the Dragos, Inc. team discovered ICS-tailored malware deployed against at least one victim in the Middle East. The team identifies this malware as TRISIS because it targets Schneider Electric’s Triconex safety instrumented system (SIS) enabling the replacement of logic in final control elements. TRISIS is highly targeted and likely does not pose an immediate threat to other Schneider Electric customers, let alone other SIS products. Importantly, the malware leverages no inherent vulnerability in Schneider Electric products. However, this capability, methodology, and tradecraft in this very specific event may now be replicated by other adversaries and thus represents an addition to industrial asset owner and operators’ threat models.

(more available)
Added: November 15, 2018
image from Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

“In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the victims, the attackers distributed spear-phishing emails containing malicious word document which dropped a malware capable of spying on infected systems. The email purported to have been sent from legitimate email ids. The attackers spoofed the email ids associated with Indian Ministry of Home Affairs to send out email to the victims. Attackers also used the name of the top-ranking official associated with Minister of Home affairs in the signature of the email, this is to make it look like the email was sent by a high-ranking Government official associated with Ministry of Home Affairs (MHA).”

(more available)
Added: November 15, 2018
image from Cyber Attack Targeting Indian Navy’s Submarine and Warship Manufacturer

Cyber Attack Targeting Indian Navy’s Submarine and Warship Manufacturer

“In my previous blog posts I described attack campaigns targeting Indian government organizations, and Indian Embassies and Ministry of External affairs. In this blog post I describe a new attack campaign where cyber espionage group targeted the users of Mazagon Dock Shipbuilders Limited (also called as ship builder to the nation). Mazagon Dock Shipbuilders Limited (MDL) is a Public Sector Undertaking of Government of India (Ministry of Defence) and it specializes in manufacturing warships and submarines for the Indian Navy.”

(more available)
Added: November 15, 2018
image from Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by remotely controlling PC microphones – in order to surreptitiously “bug” its targets – and uses Dropbox to store exfiltrated data, CyberX has named it “Operation BugDrop.”

(more available)
Added: November 15, 2018
image from Operation Cobalt Kitty

Operation Cobalt Kitty

This report offers a threat actor profile and indicators of compromise around the OceanLotusGroup actor.

Added: November 15, 2018
image from Iranian Threat Agent OilRig Delivers Digitally Signed Malware Impersonates University of Oxford

Iranian Threat Agent OilRig Delivers Digitally Signed Malware Impersonates University of Oxford

Iranian threat agent OilRig has been targeting multiple organisations in Israel and other countries in the Middle East since the end of 2015. In recent attacks they set up a fake VPN Web Portal and targeted at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. This report offers insight into this threat.

(more available)
Added: November 15, 2018
image from "Super Clean Plus" Is Anything But: Popular Cleanup App Hides Malicious Intent

"Super Clean Plus" Is Anything But: Popular Cleanup App Hides Malicious Intent

This paper analyzes a cleanup app that is actually malicious.

Added: October 26, 2018
image from 2017 Year In Review Report

2017 Year In Review Report

This Annual report discusses the events and changes in the cybersecurity landscape of 2017.

Added: October 26, 2018
image from Cloud Infrastructure In The Federal Government

Cloud Infrastructure In The Federal Government

Many federal agencies have begun adoption of modern, agile approaches to software delivery, with the goal of building higher quality services faster and more cheaply. While there are significant barriers to the adoption of this paradigm in the federal government, this paper offers specific principles and practices that have already achieved success.

(more available)
Added: October 26, 2018
image from CoinMiner And Other Malicious Cryptominers Targeting Android

CoinMiner And Other Malicious Cryptominers Targeting Android

SophosLabs takes a specific look at threats being downloaded on GooglePlay that mine a mobile phone’s resources while searching for cryptocurrency.

(more available)
Added: October 26, 2018
image from Dridex v4

Dridex v4

The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has since re-emerged. This paper provides an overview.

(more available)
Added: October 26, 2018
image from Healthcare And Cross Sector CyberSecurity Volume 16

Healthcare And Cross Sector CyberSecurity Volume 16

This report is specifically geared to the Healthcare and Cross-Sector Cybersecurity Issues.

Added: October 26, 2018
image from Internet Security Report Quarter 1

Internet Security Report Quarter 1

Have you ever wondered what 0 types of cyber attacks affect small to midsize businesses (SMBs) and distributed enterprises (DEs)? Well, you’ve come to the right place.

(more available)
Added: October 26, 2018
image from Microsoft Security Intelligence Report Volume 22

Microsoft Security Intelligence Report Volume 22

This is the 22nd edition of the Microsoft Security Intelligence Report. In this report, they have organized data sets into two categories, cloud and endpoint. They are sharing data about a shorter time period, one quarter.

(more available)
Added: October 26, 2018
image from SilverTerrier: The Next Evolution In Nigerian Cybercrime

SilverTerrier: The Next Evolution In Nigerian Cybercrime

With unique and specialized analysis, this paper discusses Nigerian cyber crime actors, their growth, collaboration, and the direction they are headed.

(more available)
Added: October 26, 2018
  • ««
  • «
  • 4
  • 5
  • 6
  • 7
  • 8
  • »
  • »»
© Cyentia Institute 2025
Library updated: July 1, 2025 20:08 UTC (build b1d7be4)