Recent Posts from Robert Simmons
March 12, 2021
Many families of remote access trojan (RAT) are .NET executables.
November 16, 2020
Tearing Down HWP Files To Expose a Trojan
June 26, 2020
YARA is a useful member of the toolset of researchers, threat hunters, incident responders, and many other defenders.
June 5, 2020
In March of 2020, MalwareHunterTeam discovered a downloader which installed both a KPot infostealer and a second payload, a ransomware variant that used the string "CoronaVirus".
March 23, 2020
Getting Ahead of Ryuk attacks using YARA Rules - Continued
January 31, 2020
Public hosting sites present a challenge for defenders when exploited by adversaries to conceal payloads using various encoding techniques.
January 24, 2020
Many ransomware families have changed their tactics and victim-targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”.
December 13, 2019
A step that an adversary takes during the post-exploitation phase of an attack is to establish a command line interface with a computer inside the victim’s network. One recent incident demonstrates the entire intrusion set operated by FIN6, a financially motivated threat actor group.