Hide your Hypervisor: Analysis of ESXiArgs Ransomware

blank

Hide your Hypervisor: Analysis of ESXiArgs Ransomware

Today many businesses rely on virtualization technology to run and scale their infrastructure. One of the most popular Hypervisor systems on the market is VMware ESXi, which is regularly targeted in Ransomware attacks for the last 3+ years to increase damage to the victims IT systems.

N-W0rm analysis (Part 2)

We will first begin at the entry point of this RAT and analyze its executed code before we jump into all possible modules this RAT possesses.

N-W0rm analysis (Part 1)

According to Malware Bazaar, samples have been distributed since around mid-January. The final payload is a .NET RAT, which allows the attacker to send commands to the infected system.

Digital threat: Phishing

In order to protect one’s own company against phishing, awareness must first and foremost be created among employees. This can be done through workshops, phishing simulation or company policies.

Digital Threats: Ransomware

In order to shed some light on the subject, we would like to look at a few facts and figures about ransomware as well as a typical course of attack.

Incident Response Diary – Compromised Email box

That a compromised mailbox is an extremely unpleasant situation is something everyone should be able to imagine. In a recent case we have investigated, attackers have been particularly clever.

Digital Forensics – Triage

In this article, we will look at artifacts that should always be collected during an incident on a Windows-based system to get the best possible picture of what happened.