Technical Analysis of the Malspam Pushing Kovter Payload & Nemucod Ransomware – Part I

Summary: On July 3, 2017, Myonlinesecurity (Twitter @dvk01uk) reported a new spam campaign targeting organizations around the world with a new Nemucod ransomware and a Kovter payload. The victims targeted in this campaign received a phishing email from the “UPS Parcel” service. The email also included a ZIP file attachment and the […]


Discovering Process Hollowing Injection in Memory – DarkComet Use Case

Summary: DarkComet Remote Administration/Access Tool (RAT) is an application that provides remote access and administration to remote systems. Typically, the creators of this RAT can determine its capabilities during the creation process. However, some of the common DarkComet capabilities include (but are not limited to) keylogging of system and keyboard […]
