LevelBlue Blog
Tag: Otx Pulse
LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations
June 19, 2024 | Fernando Dominguez
Executive Summary LevelBlue Labs recently discovered a new highly evasive loader that is being delivered to specific targets through phishing attachments. A loader is a type of malware used to load second-stage payload malware onto a victim’s system. Due to the lack of previous samples observed in the wild, LevelBlue Labs has named this malware …
Crypto miners’ latest techniques
August 29, 2022 | Fernando Martinez
Executive summary Crypto miners are determined in their objective of mining on other people's resources. Proof of this is one of the latest samples identified by LevelBlue Labs, with at least 100 different loaders and at least 4 different stages to ensure their miner and backdoor run smoothly on the infected systems. Key takeaways: Attackers have been sending malicious attachments,…
New sophisticated RAT in town: FatalRat analysis
August 2, 2021 | Ofer Caspi
This blog was written by Ofer Caspi and Javi Ruiz. Summary LevelBlue Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT (first named by @c3rb3ru5d3d53c), appears to be distributed via forums and Telegram channels, hidden…
Lazarus campaign TTPs and evolution
July 6, 2021 | Fernando Martinez
Executive summary LevelBlue Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows…
REvil’s new Linux version
July 1, 2021 | Fernando Martinez
This blog was jointly authored with Ofer Caspi. Executive summary The ransomware-as-a-service (RaaS) operation behind REvil has become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. LevelBlue Labs™ is closely monitoring the…