Category: Malware

Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating indicator sources, many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of True Positive alerts generated by the IoCs compared to the...

Doing Threat Intel the Hard Way - Part 1: Manual IOC Management

Part #1: Introduction to Manual IOC Management for Threat Intelligence. This is the first post of a series on manual management of IOCs for threat intelligence. Threat Intelligence is a popular topic in security circles these days. Many organizations are now utilizing a threat feed that comes bundled with some...

SymHash: An ImpHash for Mach-O

In the past, the Windows Portable Executable (PE) format has been analyzed far and wide due to the historically large-scale adoption of the platform. In contrast, the Mach-O binary format (the executable file format used by Mac OS X, iOS, and other Mach-based systems) has received much less attention. This...

10 Malware Facts Corrected

Discovering that a terminal on your network has been infected with a malicious program is, at the very least, an inconvenience and more often than not results in loss of productivity and a costly cleanup process. For large-scale organizations, malware can lead to a catastrophic data breach or loss of...

How Do the Dangers of Malware Affect SMEs?

Stories about high-profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result from a breach. However, small businesses account for 54% of all sales in the US. The narrative warning of hackers who target businesses would...

Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks

Five new additional pieces of malware code have been discovered that contain unique portions of code related to the SWIFT attacks. Recently, malware analysts at Symantec discovered two subroutines that were shared between the Operation Blockbuster malware of North Korea's Lazarus group and two samples of malware from the recent...

Anomali Labs: Evidence of a New Framework POS Campaign

The Anomali Labs research team has come across a new FrameworkPOS campaign that seems to be slowly picking up. Although this campaign is not as big as the former ones found during our initial research, it still gives us clues about how active the actors behind this activity are. Samples observed During...
