Rooty Dolphin uses Mekotio to target bank clients in South America and Europe
Key Points
- Rooty Dolphin is a threat actor who uses Mekotio to target banks.
- Mekotio is a banking trojan with Brazilian origins.
- Rooty Dolphin started by targeting South America but moved on to Europe some months ago.
Introduction
Blueliv Labs has been tracking the activities of different threat actors running campaigns in Latin America and Europe. Initially, ...
Playing with GuLoader Anti-VM techniques
GuLoader has been one of the most widely used loaders for distributing malware throughout 2020. Among the malware families distributed by GuLoader are FormBook, AgentTesla and other commodity malware. Recent research by Check Point suggests that GuLoader's code is almost identical to that of a loader named CloudEye ...
M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
Key Points
- The information-stealing malware dubbed M00nD3v Logger was recently auctioned off on Hack Forums, together with HawkEye Reborn.
- The threat actor, operating under the alias "M00nD3v", states that they sold the malware in response to being diagnosed with COVID-19.
- M00nD3v was previously involved in sales of the ...
Analysis of the Top 10 Hacktivist Operations
Key Points
- The most relevant hacktivist operations in the last 12 months were #OpIceIsis, #OpChile, #OpChildSafety, #OpKillingBay and #OpBeast.
- The operation #OpGeorgeFloyd, born after George Floyd was killed by police in Minneapolis in May 2020, amassed 8,535 tweets in just three weeks.
- Hacktivist attacks generally comprise DDoS attacks, publishing confidential ...
Escape from the Maze – Part 2
In the previous article we covered the obfuscation techniques used by one of the loaders employed by the Maze ransomware; it is recommended reading before you start on the Maze DLL. In this article we analyze in detail the obfuscation techniques used by the Maze DLL ...
Escape from the Maze
Throughout this series of articles we showcase some of the techniques used by the Maze ransomware to make its analysis more difficult. Additionally, a series of scripts is provided to deobfuscate the code and better follow the execution flow. Maze usually comes in DLL form, which is loaded ...
TOP 5 ATT&CK techniques used by Threat Actors tied to Iran
On 3 January 2020, Iranian Major General Qasem Soleimani was killed at Baghdad International Airport in a US drone strike ordered by President Donald Trump. Since then, popular demonstrations and military responses have come from Iran. It's important to remember, however, that wars and military ...

