Blog

The latest from Swascan: news, stories and events from the company and the Cyber world.

Qakbot; Black Basta ransomware delivery

Qakbot; Black Basta ransomware delivery

Qakbot, also known as Qbot, is a banking malware and infostealer that primarily spreads through phishing emails and exploit kits. It was first discovered in 2008 and has since been a significant problem for organizations and users globally. Qakbot is designed to infect Windows operating systems and take control of computers and corporate networks. Once […]

DISCOVER MORE
Security Advisory: Dolibarr 17.0.0 PHP Code Injection

Security Advisory: Dolibarr 17.0.0 PHP Code Injection

Swascan Offensive Security Team has identified a vulnerability on Dolibarr 17.0.0. The vulnerability can be tracked with id CVE-2023-30253. The vulnerability has been fixed in Dolibarr 17.0.1. Product description Dolibarr ERP & CRM is a modular software of business management which adapts to the size of the company (SME, Large companies, Frelancers or associations). Technical […]

DISCOVER MORE
LockBit MacOS Malware Analysis 

LockBit MacOS Malware Analysis 

Important elements of the analysis:  Introduction  In the present analysis, a sample of LockBit (macOS variant) with hash abf01633960dd77c6137175a21fccf34 was considered.  The artifact is developed in C++ and compiled with macOS SDK 11.3.0 with ARM architecture.  Below is a detail of the hexadecimal code of the entrypoint address 10000b0d4:  Malware assessment  By examining the assembly […]

DISCOVER MORE
Report: Wipers – Hackmageddon’s ultimate weapon

Report: Wipers – Hackmageddon’s ultimate weapon

In the present analysis, some of the most widespread Wiper malware was considered. Important elements of the analysis: Recently, a new threat is posing a serious risk to the cybersecurity of companies and administrations around the world: these are “Wiper” malware, which are designed to erase data on infected computer systems, causing irreparable damage to […]

DISCOVER MORE
Press release: Tinexta Cyber makes an exponential leap in cybersecurity with Google Cloud’s Chronicle

Press release: Tinexta Cyber makes an exponential leap in cybersecurity with Google Cloud’s Chronicle

Milano, April 13th 2023 – Tinexta Cyber (Tinexta Group’s Cyber Business Unit) announced today a partnership with Google Cloud that will make more effective defense systems available on the market to deal with cyber threats. The agreement will allow the companies belonging to Tinexta Group’s cybersecurity unit, namely Corvallis, Swascan, and Yoroi, to access Google […]

DISCOVER MORE
Beep Malware: static and dynamic analysis

Beep Malware: static and dynamic analysis

Important elements of the analysis: Introduction  In the present analysis, a sample of Beep malware with hash ab5dc89a301b5296b29da8dc088b68d72d8b414767faf15bc45f4969c6e0874e was taken in consideration. The threat in question has become rather well known within the security community due to the fact that it uses multiple and advanced anti-VM, anti-debugging, evasion, and anti-analysis techniques. The malware performs the […]

DISCOVER MORE
SwiftSlicer: Malware Analysis

SwiftSlicer: Malware Analysis

Important elements of the analysis: Summary INTRODUCTION:……………………………….. 1 STATIC ANALYSIS:…………………………..2 DECOMPILING, DEBUGGING AND DYNAMIC ANALYSIS:……………………………24 References:……………………………42 IOCs.:………………………42 YARA Rule:…………………………..42 CONCLUSIONS:…………………………….42 INTRODUCTION: SwiftSlicer is a new wiper malware, developed by Russian cybercrime groups to attack Ukrainian targets, yet another cyberthreat element that goes hand in hand with the current geopolitical crisis between the two countries. It […]

DISCOVER MORE
BlackCat Ransomware: analysis of the evolution of the threat

BlackCat Ransomware: analysis of the evolution of the threat

Important elements of the analysis:   INTRODUCTION  BlackCat is a ransomware gang of russian origin that began its cybercrime activities in November 2021.   The specific sample under analysis was compiled on 23rd January 2023 and has some different characteristics compared to older BlackCat Ransomware samples. In detail, there is more attention paid to the use of […]

DISCOVER MORE
Lockbit and Babuk Ransomware Data Leaks analysis

Lockbit and Babuk Ransomware Data Leaks analysis

Intro: The evolution of ransomware over the last five years has certainly been characterised by an unprecedented rate of growth and innovation. The transformation of what were almost ‘artisanal’ and not particularly targeted operations into full-fledged online crime franchises has no comparison in this world’s (albeit recent) past. Towards the end of 2022, we witnessed a […]

DISCOVER MORE
Swascan partners with Cloudflare to enhance SoC services

Swascan partners with Cloudflare to enhance SoC services

Swascan partners with Cloudflare to enhance SoC services and bring Cloudflare One Zero Trust solutions to the Italian market Milan XXXX 2022 – Swascan, the innovative Cyber Security company, has announced a new go-to-market partnership with Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet. The two companies […]

DISCOVER MORE
Read more