Report: The SpyRATs of OceanLotus

During an incident response investigation, our threat researchers and incident responders uncovered several bespoke backdoors deployed by OceanLotus Group (a.k.a. APT32, Cobalt Kitty), as well as evidence of the threat actor using obfuscated CobaltStrike Beacon payloads to perform C2. This white paper is dedicated to in-depth technical analysis of the ...

Threat Spotlight: Panda Banker Trojan Targets the US, Canada and Japan

Panda Banker is a heavily obfuscated, highly configurable, and active malware. Threat actors use this malware to steal bank/credit card information, personal data, and web wallet/blockchain information. Major targets include companies in the United States, Canada, and Japan ...

Cylance vs. Updated Emotet

Emotet, a malware we profiled in December 2017, is back with some brand new tricks. Our Threat Research team recently dismantled an updated version of Emotet to examine some changes to its operations ...

Cylance vs. Smoke Loader and the Trickbot Trojan

This week, Cylance investigates three unique malware variants found travelling together. The members of this malware triad include: Smoke Loader, a popular malware downloader; Trickbot, an information-stealing banking Trojan; and a deceptive document loaded with malicious macros ...

Threat Spotlight: Resurgent Smoke Loader Malware Dissected

Smoke Loader is a well-established, highly configurable malware which is being actively updated by threat groups. Our Threat Research team recently dissected a resurgent form of Smoke Loader. The investigation uncovered two other samples of malware working with Smoke Loader: a document packed with malicious macros, and Trickbot, a banking ...