An Analysis of L0rdix RAT, Panel and Builder

2019-07-19T16:49:26-07:00 | July 19th, 2019 | Threat Research

L0rdix is a multipurpose remote access tool (RAT) that was first discovered being sold on underground criminal forums in November 2018. Shortly after its discovery, Ben Hunter of enSilo analysed the RAT’s functionality. Although L0rdix's author set the price of the RAT at 4000 RUB (64 USD), for many cyber criminals even this was too [...]

Protect Before You Detect: FlawedAmmyy and the Case for Isolation

2019-07-17T10:21:57-07:00 | July 5th, 2019 | Research, Threats

Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882 in the wild. In this blog post we take a look at some of the weaknesses of detect-to-protect technologies such [...]

Cryptojacking: An Unwanted Guest

2019-07-17T10:37:36-07:00 | June 18th, 2019 | Threats

We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The rebound of the cryptocurrencies market means that cryptojacking is an increasingly profitable activity for criminals. The use of freely-available exploits such as EternalBlue and DoublePulsar shows how exploits that were previously only available [...]

The Emotet-ion Game (Part 3)

2019-06-11T09:35:33-07:00 | May 28th, 2019 | Research, Threats

This blog is a continuation of our blog series on the Emotet banking Trojan. So far, we have analysed Emotet’s delivery mechanism and its behaviour through dynamic analysis. The host and network data captured from Emotet found that it escalates its privileges by registering itself as a service, persists in multiple locations on the filesystem [...]

Emotet: How It Might Infect Your PC (Part 1 of 3)

2019-06-10T18:57:26-07:00 | February 4th, 2019 | Threats

This is Part 1 of a 3-part series. Read part 2 here. The most prolific malware that Bromium has been seeing in customer environments over the last three months has been Emotet. Since this appears to be the preferred malware campaign of the moment, I wanted to give a technical breakdown on how your PC [...]

Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File

2019-06-11T09:45:01-07:00 | February 13th, 2018 | Threats

New malware technique evades detection by simply copying a file. We break it down step-by-step to show you how it works. Innovative hackers continue to deliver sophisticated malware that evades detection. The Bromium Lab is back to break down a recent outbreak of sneaky malware, shared with us by some of our customers who caught [...]

Seasons Greetings? Not When That’s Malware In Your e-Card

2019-06-11T09:45:18-07:00 | January 29th, 2018 | Threats

Over Christmas, one of our customers was hit by a Trojan and they asked us to take a look at the threat. Sixteen of their users were fooled into opening a Word document. Fortunately, they had Bromium, so it safely ran inside a micro-VM and was unable to affect their host or their intranet. Seasons [...]

The Emotet Banking Trojan: Analysis of Dropped Malware Morphing at Scale

2019-06-11T09:41:16-07:00 | December 3rd, 2017 | Threats

We analyzed samples containing the Emotet banking trojan and broke down the findings in a side-by-side comparison. Malware authors are repacking their malicious software into a unique executable for each potential victim, avoiding any-and-all signature-based detection. Repacked dropped executables on this scale are unprecedented, and this is why application isolation and control is so important. [...]
