Channel: Blaze's Security Blog
Browsing all 118 articles

This is Spartacus: new ransomware on the block

In this blog post, we'll analyse Spartacus, one of many new ransomware families popping up in 2018. Analysis: this instance of Spartacus ransomware has the following properties: MD5;...

Satan ransomware adds EternalBlue exploit

Today, MalwareHunterTeam reached out to me about a possible new variant of Satan ransomware. Satan ransomware itself has been around since January 2017, as reported by Bleeping Computer. In this blog post...

Ransomnix ransomware variant encrypts websites

Ransomnix is a (supposedly Jigsaw, but not really) ransomware variant that holds websites for ransom, and encrypts any files associated with the website.This ransomware was discovered in the second...

Vietnamese test-ransomware wants you to add credit to a mobile phone

In this quick blog post we'll have a look at BKRansomware, a Vietnamese ransomware that wants you to top up its phone.Update: 2018-05-06, scroll down for the update, added to the...

PSCrypt ransomware: back in business

PSCrypt is ransomware first discovered last year, in 2017, targeting users and organisations alike in Ukraine, and the malware itself is based on GlobeImposter ("GI") ransomware.I've written about...

RedEye ransomware: there's more than meets the eye

A rather anonymous account reached out to me on Twitter asking to check out a "scary & really nasty" sample.It turned out to be RedEye ransomware, a new strain or variant by the same creator of...

MAFIA ransomware targeting users in Korea

A new ransomware family was discovered and sent to me by MalwareHunterTeam, which we'll call MAFIA after the extension it appends to encrypted files. The ransomware appears to target users in Korea, and...

Analysing a massive Office 365 phishing campaign

Last week, a friend of mine reached out with a query: a contact in his address book had sent him a suspicious email. As it turned out, it was indeed malicious. In this blog post, we'll have a quick look at an Office 365...

Run applications and scripts using Acer's RunCmd

This weekend I was cleaning up an old Acer laptop of mine and discovered a hidden folder on the root drive, C:\OEM. Inside is a bunch of interesting files; one of these is a tool called...

Monero download site and binaries compromised

Introduction: earlier this evening I saw a tweet appear which claimed Monero had been hacked and a malicious binary (instead of the real one) was being served: Warning Monero users: If you downloaded...

Satan ransomware rebrands as 5ss5c ransomware

The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c".In a previous blog post, Satan...

Blue Team Puzzle

Several years ago, I created a "malware puzzle" - basically, a crossword puzzle but with terms related to malware. You can find that puzzle here:...

Digital artists targeted in RedLine infostealer campaign

In this post, we'll look at a campaign that targeted multiple 3D or digital artists working with NFTs, using malware named RedLine. This malware is a so-called "infostealer" or "information stealer" that is...

Yara rules collection

Quite a while ago, I published some of my private Yara rules online, on Github. They can be found here: https://github.com/bartblaze/Yara-rules There are two workflows running on that Github...

Fara: Faux YARA

FARA, or Faux YARA, is a simple repository that contains a set of purposefully erroneous Yara rules. It is meant as a training vehicle for new security analysts, for those who are new to Yara, and even...

Analyse, hunt and classify malware using .NET metadata

Introduction: early last week, I ran into a sample that turned out to be PureCrypter, a loader and obfuscator for all different kinds of malware such as Agent Tesla and RedLine. Upon further...

New North Korean based backdoor packs a punch

In recent months, North Korea-based threat actors have been ramping up attack campaigns in order to achieve a myriad of objectives, whether for financial gain or for espionage purposes, in...

Microsoft Word and Sandboxes

Today's post is a brief one on some Microsoft Word and sandbox detection / discovery / fun. Collect user name from Microsoft Office: most sandboxes will trigger on something if a tool or malware...
