Blue-Team

The latest in malware analysis, threat intelligence, cybersecurity reports, SIEM intelligence, and more Blue-Team news.

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Malware Analysis

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Ransom.Win32.ASTROLOCKER.A represents a lesser-known but technically sophisticated ransomware strain with potential ties to the Mount Locker operation....

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Malware Analysis

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

TrojanSpy.MSIL.REDLINESTEALER.YXBDM represents a sophisticated information-stealing malware targeting Windows systems, first identified by Trend Micro researchers in April...

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

Malware Analysis

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

TrojanSpy.MSIL.REDLINESTEALER.YXBDN represents a sophisticated Windows-based information stealer with demonstrated capabilities in credential harvesting across multiple applications. First...

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

Malware Analysis

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

The ransomware variant Ransom.Win32.SODINOKIBI.YABGC (a member of the REvil/Sodinokibi family) poses a significant threat to Windows environments...

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Malware Analysis

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

The ransomware strain Ransom.Win32.BLACKMATTER.THGOCBA presents a moderate-risk threat with significant operational impact potential, primarily targeting Windows environments....

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Blue-Team

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Ransom.Win32.LOCKBIT.YEBGW is a ransomware variant linked to the LockBit family, a group notorious for high-impact cyberattacks worldwide....

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Malware Analysis

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Trojan.Win32.KILLMBR.YECCA is a Windows-based Trojan with significant destructive potential despite its current low prevalence. First documented by...

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Malware Analysis

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Summary: Worm.Win32.HERMWIZ.YECCA is a low-risk but highly distributable worm targeting Windows systems. It spreads via malware-dropped files...

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Malware Analysis

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Summary: The ransomware variant Ransom.Win32.LOCKBIT.YXCGD (detected as Trojan-Ransom.BlackMatter by IKARUS and Ransom:Win32/Lockbit.STB by Microsoft) represents a low-risk...

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

Malware Analysis

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

Discovered in April 2023, Ransom.Win32.RTMCOMMAND.THKBFBD (also tracked as Ransom:Win32/RTMLocker.AA!MTB) is a Windows-specific ransomware strain with limited distribution...

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Malware Analysis

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Ransom.Win64.CONTI.AA, a variant of the notorious Conti ransomware family, remains a significant threat to Windows systems despite...

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Malware Analysis

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Trojan.W97M.EMOTET.SMI is a variant of the notorious Emotet malware, primarily spread through malicious Microsoft Office documents. Despite...

Ransom.MSIL.EGOGEN.THEBBBC: Analyzing a Low-Risk but Persistent Ransomware Threat

Malware Analysis

Ransom.MSIL.EGOGEN.THEBBBC: Analyzing a Low-Risk but Persistent Ransomware Threat

Ransom.MSIL.EGOGEN.THEBBBC is a ransomware strain targeting Windows systems, classified as low-risk in terms of distribution but with...

Ransom.Win32.NOKO.THDABBC: Low-Risk Ransomware with Medium Damage Potential

Malware Analysis

Ransom.Win32.NOKO.THDABBC: Low-Risk Ransomware with Medium Damage Potential

Ransom.Win32.NOKO.THDABBC is a ransomware strain targeting Windows systems, classified as low risk due to its limited distribution...

Ransom.Win32.SPOOSH.THGAGBC: A Low-Risk Ransomware with High Data Exfiltration Risks

Malware Analysis

Ransom.Win32.SPOOSH.THGAGBC: A Low-Risk Ransomware with High Data Exfiltration Risks

Ransom.Win32.SPOOSH.THGAGBC is a Windows-targeting ransomware strain first documented by Trend Micro in July 2023. While classified as...

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Blue-Team

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

A recent investigation by Trend Micro’s Managed XDR team uncovered a sophisticated web shell attack targeting Internet...

Inside RedLine Stealer’s Backend: How the Infamous MaaS Operation Worked

Malware Analysis

Inside RedLine Stealer’s Backend: How the Infamous MaaS Operation Worked

Following an international law enforcement takedown of the RedLine Stealer malware-as-a-service (MaaS) operation in October 2024, ESET...

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Blue-Team
CVE News

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Zoho Corporation has addressed a medium-severity authentication vulnerability (CVE-2025-1723) in ManageEngine ADSelfService Plus versions 6510 and earlier....

Microsoft Azure Vulnerabilities Patched: Key Details for Security Teams

Blue-Team
CVE News

Microsoft Azure Vulnerabilities Patched: Key Details for Security Teams

Microsoft has recently addressed several critical vulnerabilities in its Azure platform, as reported by the Dutch National...

Ivanti Secure Access Client Vulnerability Patched: NCSC-2025-0085 Explained

Blue-Team
CVE News

Ivanti Secure Access Client Vulnerability Patched: NCSC-2025-0085 Explained

On March 12, 2025, Ivanti announced the resolution of a critical vulnerability in its Ivanti Secure Access...

Posts pagination

Previous 1 … 6 7 8 9 10 Next

Blue-Team

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

RedLine Stealer Malware: Analyzing the Persistent Data-Theft Threat Targeting Credentials

Ransom.Win32.SODINOKIBI.YABGC: Technical Analysis of a REvil Ransomware Variant Targeting Windows Systems

BLACKMATTER Ransomware Technical Analysis: Understanding Ransom.Win32.BLACKMATTER.THGOCBA

Ransom.Win32.LOCKBIT.YEBGW: Technical Analysis and Mitigation Strategies

Trojan.Win32.KILLMBR.YECCA: Analyzing the MBR-Targeting Malware Threat

Worm.Win32.HERMWIZ.YECCA: Low-Risk Worm with High Spread Potential

Technical Analysis of Ransom.Win32.LOCKBIT.YXCGD: A Low-Prevalence LockBit Variant

Ransom.Win32.RTMCOMMAND.THKBFBD: Analyzing a Low-Risk but Potent Windows Ransomware Strain

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Ransom.MSIL.EGOGEN.THEBBBC: Analyzing a Low-Risk but Persistent Ransomware Threat

Ransom.Win32.NOKO.THDABBC: Low-Risk Ransomware with Medium Damage Potential

Ransom.Win32.SPOOSH.THGAGBC: A Low-Risk Ransomware with High Data Exfiltration Risks

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Inside RedLine Stealer’s Backend: How the Infamous MaaS Operation Worked

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Ivanti Secure Access Client Vulnerability Patched: NCSC-2025-0085 Explained

You may have missed

Dark Web Data Exposure: Technical Analysis and Response for Security Professionals

Misinformation as a Threat Vector: Lessons from the Brown University Shooting Investigation

Google’s Gmail Address Change: A New Vector for Account Takeover and Social Engineering

The AI Investment Surge in India: A Strategic Analysis for Security Leaders