Lucene search
+L
CarbonblackMost viewed

849 matches found

Carbon Black Blog
Carbon Black Blog
added 2019/05/09 5:58 p.m.151 views

fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA

Summary This week at HITBSecConf, Takahiro Haruyama, a Senior Threat Researcher for the CB Threat Analysis Unit TAU, presented his work on fnfuzzy, a tool which aims to help researchers and reverse engineers triage samples quicker. This blog post details the motivation for and current standing of...

7.4AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/08/16 6:28 p.m.147 views

CB TAU Threat Intelligence Notification: Sodinokibi Ransomware

Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...

6.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/04 2:13 p.m.146 views

CB TAU Threat Intelligence Notification: State-Sponsored Espionage Group Targeting Multiple Verticals with ‘Crosswalk’

FireEye recently reported on APT41, a Chinese state-sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditional corporate espionage purposes. Additionally this group has also targeted companies in the video game...

0.4AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/05/21 1:0 p.m.146 views

4 Common Misconceptions About Threat Hunting

Editor’s Note: Sam Bocetta, a guest author on the Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. Looking for cyber threats isn't new, but threat hunting as a...

Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/28 9:20 p.m.143 views

TAU Threat Intelligence Notification: DarkHydrus/RogueRobin

Recently, Palo Alto Unit 42 released an updated report regarding new DarkHydrus delivery documents, which includes the installation of an updated variant of the RogueRobin trojan. This document includes details on both DarkHydrus and RogueRobin, along with detection rules and search queries that...

1.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/03/04 2:2 p.m.140 views

Carbon Black Cybersecurity Experts to Present in 4 Sessions at RSA 2019

We hope you’ll join Carbon Black at one of the company’s four presentations at RSA 2019. And don’t forget the company will also host a book launch and advanced signing of “Gray Day: My Undercover Mission to Expose America’s First Cyber Spy,” with Carbon Black’s National Security Strategist and...

7.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/10/12 4:2 p.m.140 views

Partner Perspectives: SOAR with Demisto and Carbon Black

Abhishek Iyer is the Technical Marketing Manager for Demisto. Automate your Endpoint Protection and Incident Response Demisto’s security orchestration and automation platform enables organizations to standardize, automate and coordinate response processes across their security stack. Playbooks...

0.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/15 8:55 p.m.139 views

Carbon Black Named a Finalist in 2019 Cybersecurity Excellence Awards and SC Media Awards

Carbon Black has been a leader in endpoint security for years and, yet, we’re still extremely grateful for continued recognition in the industry. Most recently, Carbon Black is honored to be recognized as a finalist in four categories for the 2019 Cybersecurity Excellence Awards including: Best...

1.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2021/01/28 9:0 a.m.138 views

VMware Carbon Black Champions Data Privacy Day 2021

Today is Data Privacy Day, an annual effort hosted by the National Cybersecurity Alliance NCSA to raise awareness about the importance of privacy and protection of personal information. VMware Carbon Black is proud to be an official Champion, supporting the principle that all organizations share...

0.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/26 11:59 a.m.138 views

CB TAU Threat Intelligence Notification: Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself

Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have been often delivered by exploit kits and weaponized documents delivered via context-aware phishing campaigns. Qbot has also been suspected of delivering MegaCortex ransomware. Many...

1.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/01 3:23 p.m.138 views

CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications

This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...

0.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/01 3:45 p.m.137 views

TAU Threat Intelligence Notification: Shade Ransomware

Summary Recently there is a new wave of malicious spam campaign distributing Shade ransomware via sending malicious JavaScript attachments. The spam campaign was mainly targeting users from Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...

6.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/10/02 2:44 p.m.131 views

CB TAU Threat Intelligence Notification: Nemty Ransomware

While Nemty Ransomware is distributed by various exploit kits, its behavior is similar to other variants of ransomware. It will perform “task kill” on processes to ensure the encryption of files such as databases SQL server, perform the deletion of volume shadow copies, and disable Windows...

6.8AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/05/09 8:25 p.m.131 views

Carbon Black Leaders Share the Best Advice They’ve Ever Received From Their Moms

Mother’s Day is on May 12 and right around the corner! In honor of all mothers and mother-figures, members of Carbon Black's leadership team shared advice and personal stories about the impact their mothers made on their own lives and careers. Victor Baez, VP of Worldwide Channel “Troubles come a...

Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/07 5:27 p.m.130 views

TAU Threat Intelligence Notification: Djvuu Ransomware

Summary Djvuu ransomware is believed to be a newer variant of the “Stop” ransomware strain, which was seen circulating in the early part of 2018. There are also similarities to the Goren-B trojan originally reported by Sophos back in 2016. Djvuu is likely to be delivered through phishing e-mail...

6.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/22 4:50 p.m.129 views

CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code

On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...

0.4AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/03/01 6:29 p.m.129 views

Enter to Win a Trip to #CBConnect2019 in San Diego during #RSAC19

We know RSA 2019 is exciting, but why should the fun stop in San Francisco? We want to give one of you the chance to win a trip to San Diego to attend CB Connect 2019, our premier customer and partner event, held June 4-5, 2019. This trip includes roundtrip airfare, a free pass to CB Connect 2019...

Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/03 3:0 p.m.127 views

CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies

GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...

6.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/02/07 5:44 p.m.126 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo (NetWalker) Ransomware

MailTo is a ransomware variant that has recently been reported to have been part of a targeted attack against Toll Group, an Australian freight and logistics company. This ransomware makes no attempt to remain stealthy, and quickly encrypts the user’s data as soon as the ransomware is launched...

6.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/11 1:52 p.m.126 views

TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency

A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...

1.4AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/26 6:39 p.m.125 views

Partner Perspectives: Faster Response with Carbon Black and Tines.io

Tines was founded by former DocuSign and eBay security engineers who were frustrated by existing security automation platforms. “I was leading an enterprise security team that had to work harder and harder every day just to keep up with the volume of alerts that required investigation,” said Eoin...

7.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/08/18 7:5 p.m.123 views

Corner-Case Bug Potentially Affecting 10 Cb Response Customers

On Thursday, August 10, Carbon Black discovered a corner-case bug potentially affecting 10 Cb Response customers. The bug was introduced in April 2017 and requires a set of specific conditions to occur in order to be triggered. We have remediated the bug, proactively notified the 10 potentially...

7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/10/24 7:18 p.m.121 views

Threat Advisory & Analysis: ‘Bad Rabbit’ Ransomware

On October 24, a large-scale ransomware campaign spread across Europe, in campaigns closely mimicking the NotPetya attacks from earlier this year. Just as was the case with NotPetya, the sample appeared to spread through traditional methods of making SMB connections within a corporate environment...

7.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/08/30 5:0 p.m.118 views

“The 101” – Episode 8 – What Makes a Trojan… a Trojan?

We’re back with another episode of The 101! This weekly security series aims to define endpoint security one question at a time. Tune in each week as we tackle a new term, concept, or comparison in our ongoing effort to provide clear definitions. This week we’re going to profile a type of malware...

6.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2021/02/03 11:0 a.m.117 views

The State of Healthcare Cybersecurity: VMware Carbon Black Explores the Surge in Cyber Threats

On the frontline of the pandemic, perhaps no industry was impacted and forced to innovate and transform as quickly as healthcare in 2020. Whether it was the rapid development of COVID-19 testing technology or the explosion of telehealth, healthcare organizations accelerated digital transformation...

0.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/05 5:8 p.m.116 views

CB Threat Analysis Unit Technical Breakdown: GermanWiper Ransomware

Editor's Note: The TAU-TIN related to this write up can be located here. GermanWiper Ransomware was found distributed via spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German language. The malware pretends to be ransomware but is actually a wiper th...

7.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/07/14 3:0 p.m.115 views

Carbon Black and Siemplify Announce Integration Partnership

Carbon Black and Siemplify are excited to announce a partnership to deliver a fully integrated solution for incident response. By combining forces, Siemplify and Carbon Black will provide clients around the world with stronger prevention, detection and response strategies and capabilities. The...

6.8AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/08/12 1:2 p.m.114 views

CB TAU Threat Intelligence Notification: Smominru Botnet Leverages New Attack Techniques

Carbon Black’s Threat Analysis Unit TAU and CB ThreatSight discovered the resurgence of a previously active crypytomining botnet campaign called Smominru. This campaign has evolved since its original discovery in the latter half of 2017, leveraging new techniques including LOLbins, polymorphic...

7.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/07/08 5:0 p.m.113 views

How Carbon Black is Prioritizing Living Off the Land Attacks Part 2

What are Living Off the Land LoL Attacks? In recent years, Living off the Land Binaries and Scripts LoLBas have become increasingly popular tools for cybercriminals. These types of attacks leverage native, signed, and often pre-installed applications in malicious ways that their creators never...

0.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/03/28 2:52 p.m.113 views

CB TAU Threat Intelligence Notification: CryptoMix Clop Ransomware Disables Startup Repair, Removes & Edits Shadow Volume Copies

Summary A wew variant of CryptoMix Clop ransomware has been distributed as a binary that is digitally signed and verified which makes it look like a legitimate executable. In addition, CryptoMix Clop ransomware will append ‘.clop’ or ‘.ciop’ as a file extension to the encrypted file and drop a...

7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/25 3:56 p.m.112 views

Defeating Compiler-Level Obfuscations Used in APT10 Malware

Summary The Carbon Black Threat Analysis Unit TAU recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...

7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/10/23 1:0 p.m.111 views

Partner Perspectives: The Power of Shared Intelligence: Juniper Sky ATP and Cb Response

Scott Emo is the Director of Field Readiness, Security, for Juniper Networks. Uncover and Mitigate the Most Sophisticated Cyber Attacks The rapid growth of emerging technologies, combined with an increasing number of connected devices running business-critical applications in highly distributed...

0.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/23 3:55 p.m.110 views

CB TAU Threat Intelligence Notification: Formbook Harvests Data By Intercepting Clients

Formbook is an information stealer which has been around for the past few years. Formbook acts as a form grabber which harvests credentials, passwords, banking details, key strokes and network requests, by intercepting web browser and other clients such as email and IM. The particular sample...

0.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/06/05 5:30 p.m.110 views

Partner Perspectives: 3 Tips for Starting a Threat Hunting Program

Peter Silberman is the Director of Detection & Response, Innovation at Expel. Mary Singh is a Detection and Response Lead at Expel. So, you want to build a threat hunting program…but where do you start? There are lots of ways to build a threat hunting program for your own org and depending on you...

6.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/16 3:38 p.m.110 views

CB TAU Threat Intelligence Notification: Danabot Trojan Targets Financial Services Industry via Stolen Credentials

Summary Danabot is a banking trojan written in the Delphi programming language. Delivery methods are typically via phishing emails that contain malicious attachments, which further call out to download the main payload using PowerShell or VBScript. Danabot is modular in nature and has capabilitie...

3.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/24 12:59 p.m.109 views

CB TAU Threat Intelligence Notification: Common to Russian Underground Forums, AZORult Aims to Connect to C&C Server, Steal Sensitive Data

AZORult is an info stealing trojan that will steal various sensitive data from the victim's computer. It is commonly sold in Russian underground forums and is often actively being delivered via spear-phishing campaigns or, as in the recent attack, distributed via a fake website, pretending to be...

0.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/08 4:0 p.m.107 views

The Need for an Updated Kill Chain

“Cyber Kill Chain” The “Cyber Kill Chain”—created in 2011 by Lockheed Martin—was designed to be a model that “identifies what…adversaries must complete in order to achieve their objective.” This framework has been widely used through the cybersecurity world and informs prevention-heavy strategy. ...

Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/01/31 5:51 p.m.106 views

The Future of Endpoint Security is the Cloud, Part 1: Predictive Security

Security Meets Big Data Technology has certainly empowered the adversary, across far more attack surfaces than just endpoints alone. In fact, many other security disciplines have been forced to adapt to increasingly sophisticated attacks — and when they do, they all turn to the same foundation: b...

6.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/01/25 8:27 p.m.106 views

Carbon Black Named a Visionary in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms

For the second consecutive year, Carbon Black has been named a “Visionary” in Gartner’s Magic Quadrant for Endpoint Protection Platforms. For this year’s edition of the MQ, Gartner evaluated Cb Defense, our flagship solution built on the Cb Predictive Security Cloud ™ PSC. Our vision for the PSC ...

7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/05/08 5:0 p.m.104 views

8 Live Queries That Will Speed Up Your Next PCI Audit

It’s no secret that kicking off any kind of compliance audit can be a slow, tedious project. This is especially true when it comes to performing a pre-assessment gap analysis for PCI-DSS. Ask any qualified security assessor QSA, and they’ll tell you that the data gathering, scoping, and gap...

0.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/08/28 7:55 p.m.104 views

Threat Analysis: Word Documents with Embedded Macros Leveraging Emotet Trojan

Many customers have recently asked how Carbon Black's solutions detect macros and droppers specifically referencing Emotet dropper files. Customers often say that macros and droppers are an ongoing problem in their environments. They are also seen day-to-day by most practitioners. The analysis...

7.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/12/13 4:43 p.m.103 views

VMware Carbon Black TAU Threat Research: Visualizing Ransomware with MITRE ATT&CK

If no one had ever heard of ransomware prior to May 2017, then one thing that is fairly certain is that the WannaCry ransomware outbreak unquestionably put ransomware on the security radar, and sent shivers up CISO’s and analysts’ spines for the weeks and months that followed. Only a few weeks...

7.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/07/30 4:40 p.m.103 views

CB Customer Spotlight: Q&A with Chick-fil-A’s Geoffrey Cole

In his 3-year tenure at Chick-fil-A’s Atlanta headquarters, Geoffrey Cole has already made a big impact in the company’s cybersecurity posture. Starting in systems engineering, Cole then moved to managing the endpoint security suite for both the corporate hub and satellite restaurants, and now...

7.4AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/09/12 7:28 p.m.103 views

Carbon Black Report: An Evolution of Cyberattacks

Quarterly Incident Response Threat Report An Evolution of Cyberattacks From Grab-and-Go Breaches to Long-Term Campaigns The data in this report reveals that today’s cyberattacks manifest as increasingly complex, long-term campaigns. Employing high-level tools and techniques, attackers set out to...

1.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/07/16 12:17 p.m.101 views

Partner Perspectives: From Alert to Action: How VMRay Provides Carbon Black with Detail-Rich Threat Intelligence

Good things happen when two leaders in their respective fields bring together their complementary capabilities. That’s the case with Carbon Black’s deep expertise in endpoint detection and response EDR and VMRay’s singular focus on dynamic malware analysis. The sum ends up being even greater than...

Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/08/27 11:27 p.m.100 views

CB Partner Spotlight Series: Slipstream Cyber Security

Slipstream Cyber Security is a managed cyber-security service provider enterprise with a Cyber Security Operations Centre CSOC is located in Perth, Western Australia. Staffed by experienced security professionals with backgrounds in cyber operations, anti-fraud, intelligence and more, the team...

0.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/05/14 3:48 p.m.100 views

CB TAU Threat Intelligence Notification: JCry Ransomware Pretends to be Adobe Flash Player Update Installer

JCry is a new family of ransomware that has the unique characteristic of being written in the Go programming language and being delivered as multiple executables, each with their own purpose. It was pretending to be an Adobe flash player update installer on a compromised website to lure users to...

7.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/07/10 11:45 a.m.100 views

Customer Case Study: Stonewall Kitchen Prevents a New Trend in Malware with Carbon Black

In the retail industry, a new level of security and compliance challenges have emerged making IT’s role even more pivotal and challenging. This is certainly the case for Stonewall Kitchen, creator of specialty food products. Since the company does all of their own manufacturing, distribution,...

7.1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/29 4:10 p.m.99 views

TAU Threat Intelligence Notification: BlackRouter Ransomware

According to the article from BleepingComputer, BlackRouter Ransomware was being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. BlackRouter Ransomware will append ‘.BlackRouter’ as file extension to the encrypted file. In addition, it will attempt to delete volume shad...

6.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/17 4:24 p.m.99 views

TAU Threat Intelligence Notification – Crypt0r Ransomware

Summary Crypt0r ransomware is a new strain of ransomware that operates similar to WannaCry and NotPetya. When executed, it first checks for a hardcoded mutex value, and if it isn’t found, creates it as “crypt0r-mutex”. It then retrieves the temporary path of the currently logged in user, and...

7AI score
Exploits0
Total number of security vulnerabilities849