Malware

The annual Virus Bulletin conference (called „VB“ for short) is one oft he most important events of the year when it comes to threat intelligence for researchers and analysts as well as product managers and CISOs from all over the world. As usual, G DATA sent several members of their team. When they…

Everyone who deals with malware will know this: Malware names are a convoluted mess. AV scanners will show different detection names for the same file. This confusion is also reflected in media coverage. Is there a way out of this mess?

Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has…

Malware actors very rarely stick to the same script for extended periods of time. They constantly modify and update their attack methods. Recently we have observed malware that uses server-side polymorphism to hide its payload, which consists of a backdoor fully written in PowerShell.

The third part of the StrangeBits series has the ultimate solution for ransomware, explains why some malware is bloated and looks into a supposedly new skulls and bones malware infection.

A malware called "SilentBruter", which is designed to guess login credentials for online accounts, has caught the attention of one of our analysts. In this blogpost we take a closer look at the Silentbruter-Malware and its rather interesting internal structures.

When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly.

In the second part of our Strange Bits series we are taking a closer look at Sodinokibi Spam E-Mails, CinaRAT and a Malware that tries to imitate G DATA.

Sometimes we see odd stuff, like malware that employs a technique called "HTML Smuggling". Also, malware on GitHub seems to be a thing these days.

This is the final post in our graph database series, where we introduce a classification algorithm that operates on a graph. Within it, we give a high level description of the algorithm and we point out some general steps that can be carried to conceptually improve the overall performance.