hasherezade | Orthology.eu

Jovi Umawing September 3, 2019

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” If you may recall, TrickBot, a well-known banking Trojan we detect as … [Read more...]

Filed Under: 2fa, account takeover fraud, ATO, Authy, C&C, Dell Secureworks, dynamic webinject, dyreza, emotet, Eternal Romance, EternalBlue, EternalChampion, Gold Blackburn, Google Authenticator, hasherezade, point-of-sale, port-out fraud, POS, SIM hijacking, SIM swapping, Sprint, T-Mobile, thetrick, trickbot, trickloader, trickster, Trojan.TrickBot, Trojans, two-factor authentication, Verizon Wireless

hasherezade August 15, 2019

The Hidden Bee infection chain, part 1: the stegano pack

About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That’s why we’re dedicating a series of posts to exploring particular elements and updates made during one year of its … [Read more...]

Filed Under: cryptominers, custom format, exploit kits, Exploits, hasherezade, hidden bee, hiddenbee, infection chain, infection vector, malware modules, miner, miners, obfuscation, payloads, steganography, Threat analysis, Underminer, Underminer EK

TrickBot adds new trick to its arsenal: tampering with trusted texts

The Hidden Bee infection chain, part 1: the stegano pack

SEARCH

RECENT POSTS

Archives

DISCLAIMER