This post explores some of the TTPs employed by a threat actor who were observed deploying LockBit 3.0 ransomware during an incident response engagement.
by Michael Mathews Ransomware has been a concern for everyone over the past several years because of its impact to organisations with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims … Continue reading Top of the Pops: Three common ransomware entry techniques
In the Threat Pulse released in November 2021 we touched on Everest Ransomware group. This latest blog documents the TTPs employed by a group who were observed deploying Everest ransomware during a recent incident response engagement.
This blog post documents some of the TTPs employed by a threat actor group who were observed deploying Black Basta ransomware during a recent incident response engagement, as well as a breakdown of the executable file which performs the encryption.
MetaStealer is a new information stealer variant designed to fill the void following Racoon stealer suspending operations in March of this year.
This blog post documents some of the actions taken during the initial access phase for an attack attributed to Lazarus, along with analysis of the malware that was utilised during this phase.
BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. This post provides our initial analysis
This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents.
This post describes the methods and techniques we observed during recent incidents that took place after the Coni data leaks.
Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially Android banking malware. Within the Threat Intelligence team of NCC Group we're looking closely to several of these malware families to provide valuable information to our … Continue reading SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store