ACCE Release Notes v2.0.20230406

Newest release notes concerning the likes of ToxicEye RAT, WhiteSnake Stealer, Eternity Stealer and Ransomware, Jaca Downloader (Part of Jaca Framework), Raven RAT, SomniRecord Backdoor, HiatusRAT, SysUpdate malware, including Shikata Ga Nai customization.

ACCE Release Notes v2.0.20230314

As we continue to add support to ACCE, we want to provide transparency into how we are producing these modules. To that end, we are creating an open-source version of ACCE, called os_acce_parsers, which can be found on our GitHub.

ACCE Release Notes v2.0.20230223

With the recent wave of OneNote documents being used to deliver malware, we added support in ACCE to extract those malicious components for further analysis. We also added support for Royal Ransomware, Collector Stealer and others, and updated support for Snow Loader and more.

ACCE Release Notes v1.8.20230124

This release consists of the following:

Recategorized LoopAddTS as DarkWire Crypter and added support for Crypter and Shellcode variants

Added support for Turian Backdoor

Added support for reported Turla malware

Added support for Silence Group malware

Continued kordesii conversions to dragodis/rugosa

ACCE Release Notes v1.8.20230105

Happy New Year! Please find our first release notes of the year below, with much more to come in 2023!

As a reminder, you can create an account on our Research ACCE instance to view the examples provided in the links.

ACCE Release Notes v1.8.20221220

As we continue adding support to ACCE, we wanted to provide more information about where our efforts are being directed, so we are starting a new series, dubbed “Release Notes”, that will correspond with new ACCE releases.

Each post will describe what the new release consists of, in terms of new or updated support, and will typically include links to example results on our Research ACCE instance.

Rapidly Evolving BlackMatter Ransomware Tactics

Cipher Tech analysts monitoring VirusTotal for BlackMatter ransomware activity discovered new variants of BlackMatter malware self-reporting as versions 1.9 and 2.0. The new BlackMatter malware samples contain additional functionality, changes to the configuration data, and version 2.0 additionally introduces changes to the configuration decryption algorithm. Cipher Tech analysts developed an ACCE module to automate the extraction of BlackMatter malware’s configuration data. Cipher Tech’s analysis reveals
