Hunting and Defeating Evasive Threats

Written by: Randy Pargman and James Quinn. Threat actors spend a lot of time and energy to evade and defeat detections on their victims’ network. Threat hunters and other defenders should be aware of the sneaky techniques that are most often used and adjust their tactics to catch the threats and put a stop to their access. In this blog post, […]

Emotet Wi-Fi Spreader Upgraded

This is an update to an earlier article regarding the emerging cyberthreat of the Emotet Wi-Fi Spreader. Executive Summary: Binary Defense analysts previously discovered a stand-alone program for spreading Emotet infections over Wi-Fi networks. Although the spreader had been recently delivered by Emotet command and control (C2) servers, the program itself had not been changed for at […]

An Updated ServHelper Tunnel Variant

James Quinn, Threat Researcher for Binary Defense. Executive Summary: Binary Defense researchers discovered active Command and Control (C2) servers and a new version of ServHelper, a malicious Remote Desktop Protocol (RDP) backdoor program known to be used by the threat group TA505. TA505 is a financially motivated threat group that has been active since at […]

Revenge is a Dish Best Served… Obfuscated?

Researching new and emerging cyber threats is common practice for the Binary Defense Threat Hunting team. Recently, the threat hunters came across an interesting multi-stage VBS downloader, which was used to distribute RevengeRAT and WSHRAT. This infection starts from an MHT file contained in a zip document sent over email, which communicates back to the […]

Binary Defense MDR Integrates Microsoft Antimalware Scan Interface Interoperability (AMSI)

With the latest release of the Binary Defense Managed Detection and Response (MDR) solution, we have now fully integrated Microsoft Windows AMSI. When looking to detect enhanced threats, especially with scripting languages and other methods of cyberattacks, AMSI provides an extensible platform for Binary Defense to get improved visibility into the latest threats and to our […]

Ransomware: what is it, and why should your organization be concerned?

Businesses of all sizes can be a target for ransomware attacks. Small business owners might think a hacker will ignore their organization in favor of a larger company with more data. In fact, small businesses are the low-hanging fruit of cybercriminals everywhere. This is partly because small-to-medium business owners think “it won’t ever happen to […]

Identifying Threats: Why Behavior Matters

Attacker methods are evolving. Join us for an upcoming webinar to learn why cybersecurity teams must identify and track suspicious behaviors and patterns to stay a step ahead.

SOC Alert! Uptick in Ursnif Distribution

Binary Defense has noticed a recent uptick in Ursnif distributed using Reply-Chain attacks and password-protected .zip files across multiple clients. Inside the .zip files are documents containing macros which execute and reach out to an Ursnif distribution server to download the payload. The Reply-Chain attacks are carried out by infecting one victim, accessing their emails, locating […]

TrickBot: Ono! New Tricks!


During the past few weeks, my team and I (the Binary Defense Security Operations Center Threat Hunters) have been tracking a TrickBot gtag that has been behaving differently compared to the other TrickBot gtags. In those weeks, we observed differences in its distribution, runtime, and post-infection behavior. High-level TrickBot Exploitation Flow: TrickBot’s actions in runtime. Let’s look […]

Don’t Fall Victim to Wire Transfer Fraud: Tips to Stay Safe

Hackers employ a multitude of methods in order to gain access to a company’s data, but at the end of the day, they are looking for the fastest route to payday. One such method is known as a wire transfer scam. This scam has been around for a while; you’ve surely heard of the famous […]

Phishing Financial Firms is Big Business

Cyberattacks on financial institutions in the US occur at the staggering rate of approximately 30 times per second. The reality is while major news outlets report on wide-scale breaches such as the 143 million US resident records accessed in the Equifax breach, countless other successful breaches happen daily that don’t earn national headlines. Information security […]

Secure Your Site(s): Avoid SSL/TLS Certificate Expiration


Not too many years ago, a few websites began adding an extra layer of security in the form of Secure Sockets Layer (SSL) certification. Today, most legitimate business sites are sure to have SSL certificates installed. Many of the SSL certificates installed and available today are actually Transport Layer Security (TLS) certificates, although they are […]