Blue-Team

The latest in malware analysis, threat intelligence, cybersecurity reports, SIEM intelligence, and more Blue-Team news.

Trojanized Zoom Installers Deliver Cryptocurrency Miner: Analyzing Trojan.Win32.MOOZ.THCCABO

Malware Analysis

Trojanized Zoom Installers Deliver Cryptocurrency Miner: Analyzing Trojan.Win32.MOOZ.THCCABO

A new malware campaign has been identified distributing trojanized versions of Zoom installers bundled with cryptocurrency mining...

Fake Zoom Installers Deliver Backdoor.Win32.DEVILSHADOW.THEAABO Malware

Malware Analysis

Fake Zoom Installers Deliver Backdoor.Win32.DEVILSHADOW.THEAABO Malware

A newly identified backdoor malware, Backdoor.Win32.DEVILSHADOW.THEAABO, has been discovered embedded in counterfeit Zoom installer packages. This threat...

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Malware Analysis

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Backdoor.MSIL.BLADABINDI.THA represents a concerning Windows-based backdoor malware that security teams should monitor, particularly due to its recent...

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Malware Analysis

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.MSIL.SUPERNOVA.A represents a significant Windows-based threat with high damage potential despite its currently limited distribution. First identified...

Trojan.INF.HIDDENTEAR.THAOGBA: Analysis of a Low-Risk Windows Trojan with Autorun Persistence

Malware Analysis

Trojan.INF.HIDDENTEAR.THAOGBA: Analysis of a Low-Risk Windows Trojan with Autorun Persistence

Trojan.INF.HIDDENTEAR.THAOGBA is a Windows-based Trojan classified as low-risk by Trend Micro. It spreads through malicious downloads or...

Ransom.MSIL.COBRALOCKER.AA: Technical Analysis of an Evolving Ransomware Threat

Malware Analysis

Ransom.MSIL.COBRALOCKER.AA: Technical Analysis of an Evolving Ransomware Threat

Summary: Ransom.MSIL.COBRALOCKER.AA represents a Windows-targeting ransomware strain first identified in January 2021, demonstrating low distribution but high...

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

Malware Analysis

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

Ransom.Win32.MAOLOA.THAAHBA is a targeted ransomware variant affecting Windows systems, first observed in January 2021. While classified as...

Ransom.MSIL.THANOS.THABGBA: A Low-Prevalence but High-Impact Ransomware Threat

Malware Analysis

Ransom.MSIL.THANOS.THABGBA: A Low-Prevalence but High-Impact Ransomware Threat

Ransom.MSIL.THANOS.THABGBA is a ransomware strain targeting Windows systems, classified as a low-risk threat due to its limited...

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

Malware Analysis

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

Summary: Ransom.Win32.DEARCRY.THCABBA represents a significant cybersecurity threat despite its relatively low prevalence. First identified in March 2021,...

ASTROLOCKER Ransomware: Technical Analysis and Defense Strategies

Malware Analysis

ASTROLOCKER Ransomware: Technical Analysis and Defense Strategies

The Ransom.Win64.ASTROLOCKER.THCBDBA ransomware represents a moderate-risk threat with high damage potential, primarily targeting Windows environments. First documented...

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Malware Analysis

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Ransom.Win32.ASTROLOCKER.A represents a lesser-known but technically sophisticated ransomware strain with potential ties to the Mount Locker operation....

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Malware Analysis

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

TrojanSpy.MSIL.REDLINESTEALER.YXBDM represents a sophisticated information-stealing malware targeting Windows systems, first identified by Trend Micro researchers in April...

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

Malware Analysis

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

TrojanSpy.MSIL.REDLINESTEALER.YXBDN represents a sophisticated Windows-based information stealer with demonstrated capabilities in credential harvesting across multiple applications. First...

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

Malware Analysis

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

The ransomware variant Ransom.Win32.SODINOKIBI.YABGC (a member of the REvil/Sodinokibi family) poses a significant threat to Windows environments...

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Malware Analysis

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

The ransomware strain Ransom.Win32.BLACKMATTER.THGOCBA presents a moderate-risk threat with significant operational impact potential, primarily targeting Windows environments....

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Blue-Team

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Ransom.Win32.LOCKBIT.YEBGW is a ransomware variant linked to the LockBit family, a group notorious for high-impact cyberattacks worldwide....

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Malware Analysis

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Trojan.Win32.KILLMBR.YECCA is a Windows-based Trojan with significant destructive potential despite its current low prevalence. First documented by...

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Malware Analysis

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Summary: Worm.Win32.HERMWIZ.YECCA is a low-risk but highly distributable worm targeting Windows systems. It spreads via malware-dropped files...

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Malware Analysis

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Summary: The ransomware variant Ransom.Win32.LOCKBIT.YXCGD (detected as Trojan-Ransom.BlackMatter by IKARUS and Ransom:Win32/Lockbit.STB by Microsoft) represents a low-risk...

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

Malware Analysis

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

Discovered in April 2023, Ransom.Win32.RTMCOMMAND.THKBFBD (also tracked as Ransom:Win32/RTMLocker.AA!MTB) is a Windows-specific ransomware strain with limited distribution...

Posts pagination

Previous 1 2 3 4 Next

Blue-Team

Trojanized Zoom Installers Deliver Cryptocurrency Miner: Analyzing Trojan.Win32.MOOZ.THCCABO

Fake Zoom Installers Deliver Backdoor.Win32.DEVILSHADOW.THEAABO Malware

Backdoor.MSIL.BLADABINDI.THA: Analyzing the Persistent Windows Backdoor Threat

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.INF.HIDDENTEAR.THAOGBA: Analysis of a Low-Risk Windows Trojan with Autorun Persistence

Ransom.MSIL.COBRALOCKER.AA: Technical Analysis of an Evolving Ransomware Threat

Ransom.Win32.MAOLOA.THAAHBA: Technical Analysis of a Windows Ransomware Strain

Ransom.MSIL.THANOS.THABGBA: A Low-Prevalence but High-Impact Ransomware Threat

DEARCRY Ransomware: Technical Analysis of a High-Risk Threat Targeting Microsoft Exchange Servers

ASTROLOCKER Ransomware: Technical Analysis and Defense Strategies

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

You may have missed

Trump’s TikTok Decision: National Security, Ownership, and April 5 Deadline

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks