Content added to Folio

Research, News, and Perspectives

Add Filters
Filter by:
DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework
Cybermenaces

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.

November 08, 2022
Ransomware

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage.

Research Jan 26, 2023

Save to Folio

Research Jan 26, 2023

Save to Folio

Cloud

Attacking The Supply Chain: Developer

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

Jan 25, 2023

Save to Folio

Jan 25, 2023

Save to Folio

Ransomware

Vice Society Ransomware Group Targets Manufacturing Companies

In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.

Research Jan 24, 2023

Save to Folio

Research Jan 24, 2023

Save to Folio

Cybermenaces

“Payzero” Scams and The Evolution of Asset Theft in Web3

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.

Research Jan 18, 2023

Save to Folio

Research Jan 18, 2023

Save to Folio

Programmes malveillants

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Jan 17, 2023

Save to Folio

Jan 17, 2023

Save to Folio

Cloud

Abusing a GitHub Codespaces Feature For Malware Delivery

Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server.

Jan 16, 2023

Save to Folio

Jan 16, 2023

Save to Folio

Exploitations de & failles de sécurité

What is Red Teaming & How it Benefits Orgs

Running real-world attack simulations can help improve organizations' cybersecurity resilience

Expert Perspective Jan 10, 2023

Save to Folio

Expert Perspective Jan 10, 2023

Save to Folio

Programmes malveillants

Gootkit Loader Actively Targets Australian Healthcare Industry

We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player.

Research Jan 09, 2023

Save to Folio

Research Jan 09, 2023

Save to Folio

Risques liés à la & conformité

CISO's Challenges Involved with Business Leader & SOC

Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT.

Security Strategies Dec 26, 2022

Save to Folio

Security Strategies Dec 26, 2022

Save to Folio