ACCE Release Notes v1.8.20221220

As we continue adding support to ACCE, we want to provide more information about where our efforts are being directed, so we are starting a new series, dubbed “Release Notes”, that will correspond with new ACCE releases.

Each post will describe what the new release consists of, in terms of new or updated support, and will typically include links to example results on our Research ACCE instance.

Rapidly Evolving BlackMatter Ransomware Tactics

Cipher Tech analysts monitoring VirusTotal for BlackMatter ransomware activity discovered new variants of BlackMatter malware self-reporting as versions 1.9 and 2.0. The new BlackMatter malware samples contain additional functionality, changes to the configuration data, and version 2.0 additionally introduces changes to the configuration decryption algorithm. Cipher Tech analysts developed an ACCE module to automate the extraction of BlackMatter malware’s configuration data. Cipher Tech’s analysis reveals

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

In a recent collaboration to investigate a rise in malware infections featuring a commercial Remote Access Trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in Q1-2021. With over 1,300 malware samples collected, our teams analyzed the delivery of a new variant of the RoboSki packer, a packer being widely used to thwart detection and ultimately deliver commodity RATs to enterprise networks.
