Ave_Maria Malware: there's more than meets the eye

Introduction AVE_MARIA, a malware used in phishing campaigns and so far identified only as an info-stealer, appears to be more complex and insidious, offering a wide range of capabilities, from privilege escalation to camera exfiltration, RDP connections, email extraction and more. For the past few months we have been monitoring various phishing campaign delivering AVE_MARIA […]

Hunting Fileless Malware: Invisible but not Undetected

Fileless malware attacks are a growing concern in cyber-security with an interesting history that dates back to 2001. After remaining almost silent for several years, this type of threat began to gain fresh traction in 2014 with new concepts introduced at a fast pace. Today such attacks are so common that new strategies had to […]

Silence group targeting Russian Banks via Malicious CHM

In November 2018 we followed up on a tweet mentioning a potential malicious code disseminated in CHM (Microsoft Compiled HTML Help). A preliminary analysis caught the attention of our Threat Analysis and Intelligence team as it yielded interesting data that, among other things, shows that the attack campaign was targeting employees from financial entities, specifically […]

ReaQta Behavioral Engine and Virustotal

Over the past 3 months ReaQta has been working closely with VirusTotal to integrate ReaQta-Hive‘s behavioral engine, today we are excited to announce that the integration is complete and available to the public. VirusTotal is a free service that analyzes files and URLs to detect malicious content, the platform is well-known among security researchers as it […]

Spear-phishing campaign targeting Qatar and Turkey

During our daily threat hunting activities we have come across a tweet reporting an active spear-phishing campaign apparently targeting Turkey. After an initial assessment we decided to investigate further, finding similarities with other campaigns active in the recent past and possibly coming from the same actors.

Proactive Threat Hunting with A.I.

Proactive Threat Hunting helps in the early detection of new threats and in the discovery of weak spots that can be leveraged by an attacker to gain or maintain access to an infrastructure.  Traditional IOCs, combined with ATT&CK Mitre TTPs and Artificial Intelligence for discovery of new behaviors raises the bar for the attackers, helping responders to identify […]

Ursnif reloaded: tracing the latest trojan campaigns

On the 9th of October our customers started reporting the same kind of incident over the span of a few hours. The identified activity appears to be linked to the banking Trojan Ursnif, a long active malware, whose roots can be traced back to 2007 together with ZeuS and SpyEye, still with strong infection capabilities in […]

Banks and crypto wallets: unveiling a global malware campaign using Zeus/Panda

For the past weeks our Threat Intelligence team has been following an enxtesive campaign, possibly operated by the same group, targeting a large amount of financial institutions, cyptocurrency wallets and the occasional Google and Apple accounts. The attackers target their victims both with Phishing emails, typo-squatted domains and malicious attachments that eventually lead to the […]

Active Learning as a powerful tool in the Cyber Security arsenal

When datasets are hard to label or highly skewed, Active Learning shows great potential to help both the algorithms and the analyst to make sense of data faster and more efficiently. The promise of AI in cyber-security has long been that of helping humans to automate and simplify the daunting task of preventing data loss […]