With the recent wave of OneNote documents being used to deliver malware, we added support in ACCE to extract those malicious components for further analysis. We also added support for Royal Ransomware, Collector Stealer and others, and updated support for Snow Loader and more.
ACCE Release Notes v2.0.20230208
With recent updates to DC3-MWCP enabling recursion through the use of YARA matching, we updated the ACCE backend to facilitate this workflow, prompting a major version increment to 2.0.
ACCE Release Notes v1.8.20230124
This release consists of the following:
Recategorized LoopAddTS as DarkWire Crypter and added support for Crypter and Shellcode variants
Added support for Turian Backdoor
Added support for reported Turla malware
Added support for Silence Group malware
Continued kordesii conversions to dragodis/rugosa
ACCE Release Notes v1.8.20230105
Happy New Year! Please find our first release notes of the year below, with much more to come in 2023!
As a reminder, you can create an account on our Research ACCE instance to view the examples provided in the links.
ACCE Release Notes v1.8.20221220
As we continue adding support to ACCE, we want to provide more information about where our efforts are being directed, and are starting a new series of posts, dubbed "Release Notes", that will correspond with new ACCE releases.
Each post will describe what the new release consists of, in terms of new or updated support, and will typically include links to example results on our Research ACCE instance.
Rapidly Evolving BlackMatter Ransomware Tactics
Cipher Tech analysts monitoring VirusTotal for BlackMatter ransomware activity discovered new variants of BlackMatter malware self-reporting as versions 1.9 and 2.0. The new samples contain additional functionality and changes to the configuration data, and version 2.0 also introduces changes to the configuration decryption algorithm. Cipher Tech analysts developed an ACCE module to automate the extraction of BlackMatter malware's configuration data. Cipher Tech's analysis reveals
ACCE Indicators of Compromise (IOCs)
All IOCs associated with Cipher Tech blog posts can be found at https://github.com/ciphertechsolutions/acce_iocs.
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
In a recent collaboration to investigate a rise in malware infections featuring a commercial Remote Access Trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in Q1 2021. With over 1,300 malware samples collected, our teams analyzed the delivery of a new variant of the RoboSki packer, a packer widely used to evade detection and ultimately deliver commodity RATs to enterprise networks.