Author name: Terry Mayer

Deobfuscating Ostap Downloader

Recently, our team has noticed a slight uptick in malicious Word documents using Ostap to deliver a TrickBot payload. These documents tend to have a low detection rate and are very fussy about running in a sandbox. In order to get a better idea of how they work, we needed to deobfuscate the downloader by […]

JhoneRat – a snake in the network

Our team recently discovered an interesting attack that appeared to be targeting victims in the UAE using a lure in the style of the UAE Ministry of Foreign Affairs. We are publishing our findings here. The attack starts with a Microsoft Word document that loads a remote template containing malicious macros, which finally delivers a

Iran and the USA: an escalation in cyber-warfare?

Last week, Iran’s Minister of Communications and Information Technology announced that the country had successfully prevented an attempted “huge cyber attack organised by a foreign state”. While he did not provide specific details about the incident, he said that Iran had faced “a highly-organized and state-sponsored attack against the infrastructures of the electronic government and

WeChat: how private is your data?

Over the last couple of years, a great deal of attention in western countries has been directed towards the Chinese telecom companies Huawei and ZTE, which have been banned from participating in the 5G market by various governments, due to concerns over cyber espionage. While debates continue, analysts have also recently been focusing on the

Attack of the Zombie Eels

Recently, our team discovered two very interesting tools published on GitHub by security researchers Michele Orrù and Giuseppe Trotta. Muraena is an almost transparent reverse proxy capable of proxying the victim through to the legitimate target website while harvesting credentials and cookies, and in most cases allowing 2FA flows to complete. (source) Necrobrowser is