Search All RSA Blogs

SuperCMD RAT

On April 8th, an interesting DLL was uploaded from Canada to VirusTotal. What makes it interesting is that the detections on VirusTotal are mostly heuristics and do not settle on a single family. The malware is also configured to beacon to an RFC1918 internal IP address, however, the name 816db8a1916201309d2a24b4a745305b.virus indicates it was picked up...

Read more

Cat-Phishing Hackers for Fun and Profit

On June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contained x32 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associate rootkits. The Trojan source code is available here. Metadata File Name:...

Read more

Three Ways to Ensure We Win the AI Cyber Arms Race

Artificial Intelligence – cybersecurity friend or foe?

Read more

The Realm of Threat Intelligence - Journey from the past into an Advanced SOC

Using Intelligence to gather information on your adversary is not a new concept, Military and Government Agencies have been involved gathering information to use against their opponents since the days of Sun-Tzu and Chanakya. Cyber Intelligence has also been the domain for Government agencies like the UK’s GCHQ and the US’s NSA for many years;...

Read more

The Realm of Threat Intelligence - Attack Scenarios and Use Cases

The three previous blogs in this series have covered Packet Analysis, Log Analysis and Threat Intelligence; this final article aims to bring all of this information into one cohesive solution for any SOC or Cyber Defence organisation. For further reading on this subject please see our presentation at last year’s RSA Conference in Abu Dhabi...

Read more