Malware

Babuk Ransomware

This is the report for the new Babuk Ransomware that recently appeared at the beginning of 2021. Since this is the first detection of this malware in the wild, it’s not surprising that Babuk is not obfuscated at all. Overall, it’s a pretty standard ransomware that utilizes some of the new techniques we see, such as multi-threaded encryption as well as abusing the Windows Restart Manager simila…

Malware Analysis Tool: retoolkit

Retoolkit is a Reverse Engineering and Malware Analysis tool developed by the Mentebinaria group. It aims to provide a set of useful utilities for binary analysis and reverse engineering, including various tools such as disassemblers, debuggers, hex editors, and memory viewers. It supports a wide range of platforms including Windows, Linux, macOS, and even some embedded systems…

Lockbit Ransomware V2.0

On 4 February 2022, the FBI issued a FLASH security advisory on Indicators of Compromise (IOCs) associated with LockBit 2.0 ransomware, one of the most active ransomware groups in the current cybercrime ecosystem. The LockBit gang (aka Bitwise Spider) are the developers of the LockBit Ransomware-as-a-Service (RaaS). LockBit ransomware first appeared in Se…

Play Ransomware

PLAY Ransomware (aka PlayCrypt) campaigns have been active since at least mid-July 2022. Up to five ransom notes of PLAY Ransomware have been uploaded to VirusTotal so far. In mid-August 2022, the first public case of PLAY Ransomware was announced when a journalist uncovered that Argentina’s Judiciary of Córdoba was victimized…