Examining the Ryuk Ransomware
Ryuk ransomware had a disturbingly successful debut, being used to hit at least three organizations in its first two months of activity for more than $640,000 in ransom. Several attacks followed, where the attackers demanded even greater amounts of ransom. The attackers were able to demand and receive high ransoms ...
Saefko: A new multi-layered RAT
Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading ...
Immortal information stealer
Recently, the Zscaler ThreatLabZ team came across new information-stealer malware called Immortal, which is written in .NET and designed to steal sensitive information from an infected machine. The Immortal stealer is sold on the dark web with different build-based subscriptions. This blog provides an analysis of the data Immortal steals ...
Sieren: A new DoS bot
Zscaler ThreatLabZ recently discovered a new DoS family bot named Sieren. A denial-of-service (DoS) attack is a cyber-attack in which cybercriminals disrupt the service of a host connected to the internet, either temporarily or indefinitely, to its intended users. In this analysis, we'll describe Sieren's functionality and communication, its 10 ...

