Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of lures, including COVID-19-themed documents, for the past nine to 12 months. Astaroth implements a robust series of anti-analysis/evasion techniques, among the most thorough we've seen recently. We have the full rundown of the threat and our protections against it.
And, as always, we have the latest Threat Roundup where we go through the top threats we saw — and blocked — over the past week.
Upcoming public engagements
Event: “Dynamic Data Resolver IDA plugin” at NSEC Online
Location: Streaming on Twitch
Date: May 15
Speakers: Holger Unterbrink
Synopsis: Holger will walk through a recent plugin he developed for IDAPro. The plugin can significantly improve the analyzing time of malware samples. Additionally, I think the plugin architecture and the DynamoRIO features are opening many interesting opportunities for own extensions and use cases.
Event: “Everyone's Advanced Now: The evolution of actors on the threat landscape” at Interop Tokyo 2020Location: Streaming on the conference's websiteDate: June 10 - 12Speakers: Nick BiasiniSynopsis: In the past, there were two clear classes of adversary an enterprise would face: sophisticated and basic. These basic threats were commodity infections that would require simple triage and remediation. Today, these commodity infections ..
Support the originator by clicking the read the rest link below.