Cipher Tech analysts monitoring VirusTotal for BlackMatter ransomware activity discovered new variants of BlackMatter malware self-reporting as versions 1.9 and 2.0. The new BlackMatter malware samples contain additional functionality, changes to the configuration data, and version 2.0 additionally introduces changes to the configuration decryption algorithm. Cipher Tech analysts developed an ACCE module to automate the extraction of BlackMatter malware’s configuration data. Cipher Tech’s analysis reveals
Continue readingCategory Archives: Uncategorized
ACCE Indicators of Compromise (IOCs)
All IOCs associated with Cipher Tech blog posts can be found at https://github.com/ciphertechsolutions/acce_iocs.
Continue readingRoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
In a recent collaboration to investigate a rise in malware infections featuring a commercial Remote Access Trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in Q1-2021. With over 1,300 malware samples collected, our teams analyzed the delivery of a new variant of the RoboSki packer, a packer being widely used to thwart detection and ultimately deliver commodity RATs to enterprise networks.
Continue reading