A deeper dive into the"Silentbruter" malware - Internal folder structures revealed
A malware called "SilentBruter", which is designed to guess login credentials for online accounts, has caught the attention of one of our analysts. In this blogpost we take a closer look at the Silentbruter-Malware and its rather interesting internal structures.
Ransomware identification for the judicious analyst
When facing a ransomware infection, it helps to be familiar with some tools as well as key points to identify ransomware correctly.
Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA
In the second part of our Strange Bits series we are taking a closer look at Sodinokibi Spam E-Mails, CinaRAT and a Malware that tries to imitate G DATA.
Strange Bits: HTML Smuggling and GitHub Hosted Malware
Sometimes we see odd stuff, like malware that employs a technique called "HTML Smuggling". Also, malware on GitHub seems to be a thing these days.
Graph databases: Bad neighborhoods, parents and machine learning
This is the final post in our graph database series, where we introduce a classification algorithm that operates on a graph. Within it, we give a high level description of the algorithm and we point out some general steps that can be carried to conceptually improve the overall performance.
GarrantyDecrypt Ransomware poses as EnigmaSoft's SpyHunter
A new ransomware variant discredits EnigmaSoft by pretending to be SpyHunter. The ransom message reads like mockery. Some of the encrypted files might be recoverable.
Paliz, the PowerShell downloader in a ZIP and beyond
Threat actors regularly come up with new techniques for malware downloaders to hide and execute their code with the expectation that they can fool antivirus solutions for some time. Paliz is an archive that carries malicious code in an unusual location.
Distributing Malware - one "Word" at a Time
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
Unpacking 101: Writing a static Unpacker for Ldpinch
Packers are commonly used by malware authors to thwart analysis. In our latest TechBlog article we will take a look at how packers work and how to unpack malware without running it.
Emotet: G DATA explains cybercrime's all-purpose weapon
No other malware-family is as penetrating and has been in development as long as Emotet. The malware has already caused millions in damage in companies around the world. We explain what Emotet can do and why it is so dangerous.
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist
