LevelBlue Blog

Executive Summary LevelBlue Labs recently discovered a new highly evasive loader that is being delivered to specific targets through phishing attachments. A loader is a type of malware used to load second-stage payload malware onto a victim’s system.  Due to the lack of previous samples observed in the wild, LevelBlue Labs has named this malware … Read more →

Executive summary LevelBlue Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner… Read more →

Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers. In addition,… Read more →

This blog was written by Ofer Caspi and Javi Ruiz. Summary LevelBlue Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT (Firstly named by @c3rb3ru5d3d53c), appears to be distributed via forums and Telegram channels, hidden… Read more →

Photo by Katie Moum on Unsplash In May, after many months of dedicated effort, our compliance team received word that a U.S. Federal Risk and Authorization Management Program (FedRAMP) moderate certification was granted for the LevelBlue Threat Detection and Response for Government solution. FedRAMP is a program coordinated by the US General Services Administration and the… Read more →