Morphisec Labs - Tagged - Security Boulevard

Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader

Introduction: Morphisec has recently monitored a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto target machines. The Crypter is most commonly delivered through phishing emails, which lead to the download of ...

The “Fair” Upgrade Variant of Phobos Ransomware

Introduction: The developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Constantly keeping their attack up to date helps them bypass detection technologies through several distinct ...

Tracking HCrypt: An Active Crypter as a Service

Introduction: During 2021 Morphisec identified an increased usage of the “HCrypt” crypter. In this post, we will lockpick “HCrypt” – a crypter as a service that is marketed as a FUD (fully ...

MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism

Introduction: The MineBridge RAT was first identified in January 2020 by security researchers at FireEye, who observed the backdoor attacking financial institutions in the United States with some targets located in South ...

Egregor Ransomware Adopting New Techniques

Introduction: Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology ...

Long Live, Osiris; Banking Trojan Targets German IP Addresses

Introduction: During the period between January 15 and 20, Morphisec identified a significant campaign targeting multiple German customers from the manufacturing industry. Targeted personnel were redirected to compromised websites that were, and ...

CinaRAT Resurfaces With New Evasive Tactics and Techniques

Introduction: In this post, we will be covering the CinaRAT loader's evasive TTPs (tactics, techniques, and procedures) as identified and prevented by Morphisec’s zero-trust endpoint security solution, powered by moving target ...

The Evolution of the FIN7 JSSLoader

Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that ...

The introduction of the Jupyter InfoStealer/Backdoor

Morphisec Labs, zero-day
An Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, ...

Agent Tesla: A Day in a Life of IR

Introduction: The Agent Tesla infostealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor partially due to the fact that cracked ...