Blog

Russia-nexus actor targets Ukraine

Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine that leverages email attachments of fewer than 150 bytes, which appear to evade certain tools.

July 24, 2024 by StrikeReady Labs, 3 minutes

This ELF is not your buddy

The volume of Linux malware is orders of magnitude lower than for other operating systems, and as such it has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor: if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.

June 27, 2024 by StrikeReady Labs, 6 minutes

Armageddon is more than a Grammy-nominated album

Russian government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple HTML trick that waits for the user to move the mouse before executing the malicious JavaScript.

June 24, 2024 by StrikeReady Labs, 5 minutes

Protecting against Dangling DNS hijacking is more than good hygiene
Finding the unknown unknowns, part 1
Rattling the cage of a Sidewinder
Don't get BITTER about being targeted -- fight back with the help of the community.
Stealing your email with a .txt file
Pivoting through a Sea of indicators to spot Turtles