Malware Misuses Common Operating System Commands to Perform Targeted Attacks

We previously posted a blog about the Ursnif family of malware using language checks to determine the end user’s location as a means of bypassing sandbox-based endpoint protection during regionally targeted attacks ...
Ursnif infection chain Bromium blog

Tricks and COMfoolery: How Ursnif Evades Detection

Ursnif is one of the main threats that is effectively evading detection right now (at publication). The dropper uses a COM technique to hide its process parentage. WMI is used to bypass ...