According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to...
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.14.0. It includes updates in several sections Many new malware and hack tool signature names More interesting folders to monitor more closely The Virustotal assessments line has been reduced You can...
As part of our commitment to sharing valuable threat intelligence and detection insights, we're excited to announce the launch of a dedicated Twitter account for Nextron Research: @nextronresearch. This account will be our team's platform for sharing detailed...
Introduction Lynx ransomware is a newly emerged and sophisticated malware threat that has been active since mid-2024. Lynx ransomware has claimed over 20 victims across a range of industries. Once it infiltrates a system, it encrypts critical files, appending a...
In this blog article, we will talk about how you can use THOR to scan Docker images. Consider the following use case: Before using an upstream Docker image, you want to precheck it for known IOCs and backdoors. THOR can help you with this!Prerequisites Docker image...
ASGARD Analysis Cockpit’s new version 2.8.2 features an open API to interface with all major sandbox vendors. It ships with presets for Cuckoo Sandbox and even allows to connect multiple different sandboxes at the same time. Today users can configure THOR scans in...
We are working on a THOR scanner version that brings our well-known compromise assessments and thousands of YARA rules to IBM's AIX®. Subscribe here to get noticed once beta testing and a stable version is available. * no advertisements - just two emails, one for the...
As previously announced our YARA rule packs and feeds will be available in March/April 2019. We've put a lot of effort into a internal system named "Mjolnir" that parses, normalizes, filters, tags and automatically modifies our rule base, which contains more than 9000...
With the upcoming version 8.53 of THOR, we're testing a new feature called "Difference" or "Diff" mode (--diff). The idea behind "Diff" mode is that a scan could be much faster, if it would only consider elements that have been created or changed since the last scan...
Working in incident response or malware analysis, you may have come across compromised and sometimes revoked certificates used to sign malware of different types. Often threat groups use stolen certificates to sign their malware. I'd like to show you an easy way to...
Download the newest version of our Antivirus Event Analysis Cheat Sheet here. --- Update 09.09.18 10:30am CET Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.
It has been a while since I wrote "How to Write Simple but Sound Yara Rules - Part 2". Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to yarGen and...