On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. In this post, we answer your questions that we didn’t answer during webinar.

Reports

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

Security technologies

Applied YARA training Q&A

Detecting unknown threats: a honeypot how-to

How to confuse antimalware neural networks. Adversarial attacks and protection

How we protect our users against the Sunburst backdoor

Adaptive protection against invisible threats

Lookalike domains and how to outfox them

Looking at Big Threats Using Code Similarity. Part 1

ATT&CK Evaluation results: visual perspective

Neutralization reaction

Features of secure OS realization

Deceive in order to detect

VDI: Non-virtual problems of virtual desktop security, and how to solve them for real

Disbanding the ‘Zoo’

Indicators of compromise as a way to reduce risk

Zero day exploits: now available for cars

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Subscribe

Reports

BlueNoroff introduces new methods bypassing MoTW

Ransomware and wiper signed with stolen certificates

DeathStalker targets legal entities with new Janicab variant

APT trends report Q3 2022

Subscribe to our weekly e-mails