Featured Post

The “Silent Night” Zloader/Zbot

ZeuS is probably the most famous banking Trojan ever released. Since its source code leaked, numerous new variants have been making the rounds. Malwarebytes previously wrote about one of its forks, Terdot Zbot/Zloader. Recently, Malwarebytes and HYAS have been observing another bot whose design is reminiscent of ZeuS. It appears to be fairly new (a 1.0 version was compiled at the end of November 2019) and is actively developed. Because its specific name was unknown to researchers for a long time, it came to be referenced by the generic term Zloader/Zbot (a common label for any malware related to the ZeuS family). Our investigation found that it is a new family built on the ZeuS heritage and sold under the name "Silent Night"; in our report we call it "Silent Night" Zbot. The initial sample is a downloader that fetches the core malicious module and injects it into various running processes. Several legitimate components are also involved, just as in Terdot's case. In this paper we take a deep dive into the functionality of this malware and its Command-and-Control (C2) panel, provide a way to cluster samples based on the values in the bot's config files, and compare it with other Zbots that have been popular in recent years, including Terdot. You can view the full report here.

HYAS Intel Team

May 21, 2020

Threat Reports

The “Silent Night” Zloader/Zbot
Threat Reports

ZeuS is probably the most famous banking Trojan ever released. Since its source code leaked, various new variants are making the...

HYAS Intel Team

May 21, 2020

Fraud-as-a-Service In The Time Of COVID-19
Threat Reports

Any catastrophe is an opportunity for cybercriminals, and coronavirus/COVID-19 is no exception. Given public concern about the p...

HYAS Intel Team

April 17, 2020

Magecart Group 4 – A link with Cobalt Group?
Threat Reports

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams.

HYAS Intel Team

October 4, 2019

Hunting APT33 Campaign Infrastructure
Threat Reports

Geopolitical risk is just one of many considerations that global enterprises and institutions must factor into their businesses,...

HYAS Intel Team

September 20, 2019

CVE-2017-0199 Targeting Brazilian Users
Threat Reports

Recently we came across an interesting sample that warranted further investigation. The file in question was named “Reservar Gru...

HYAS Intel Team

September 10, 2019

New Advanced Phishing Kits Target Digital Platforms
Threat Reports

The difference between an obvious phish and a successful one is often the technical skill and attention to detail of the phish’s...

HYAS Intel Team

July 10, 2019

Exploring a Lokibot and Azorult Actor’s Infrastructure
Threat Reports

Investigating attacker infrastructure is the bread and butter of HYAS Comox. One of the routine tasks we need to do as investiga...

HYAS

June 15, 2019

Recent Ursnif Campaign Infrastructure - Additional Items to Keep an Eye On
Threat Reports

In recent months, there has been a resurgence of Ursnif (aka Gozi ISFB) related campaigns. Since 2014, when the source code ...

HYAS Intel Team

June 12, 2019

Adversaries Employing new TTPs to Launch Credential Stuffing Attacks
Threat Reports

Over the past few months, HYAS has observed a noticeable increase in the number of credential stuffing attacks targeting multipl...

HYAS

March 29, 2019

News

ZDNet: Silent Night Zeus financial botnet sold in underground forums
News

ZDNet coverage of threat research on the "Silent Night" Zbot published by HYAS and Malwarebytes.

HYAS

May 22, 2020

HelpNetSecurity: HYAS Insight - A threat intelligence solution for investigation and attribution
News

HelpNetSecurity's New Product Roundup summarizes the HYAS Insight announcement.

HYAS

March 20, 2020

Krebs on Security: French Firms Rocked by Kasbah Hacker?
News

Brian Krebs explains how a large number of French critical infrastructure firms were hacked as part of an extended malware campa...

HYAS

March 2, 2020

Krebs on Security: The Rise of “Bulletproof” Residential Networks
News

Brian Krebs examines how cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broa...

HYAS

August 20, 2019

Comox Maltego Transforms on the Hub!
News

HYAS

October 2, 2018

Cyber Attribution for Enterprise
News

By Ed Amoroso, CEO, TAG Cyber

HYAS

August 22, 2018

Microsoft Pours Millions into Startup that Nails Cybercriminals
News

Chris Davis, HYAS’s CEO and co-founder, describes his company’s mission as providing “to-the-doorstep attribution,” meaning that i...

HYAS

August 10, 2018

Next Generation of Information Security Technology meets the demands of growing Cybersecurity Sector
News

News release August 10, 2018 A Canadian-made cybersecurity system is making the internet safer thanks to a $475,000 investment f...

HYAS

August 10, 2018

Uncovering The Cyberattacker, Not Just The Cyberattack
News

By PYMNTS

HYAS

August 10, 2018

Cybersecurity Pioneer HYAS Raises $6.2M Series A Round Led By M12
News

VICTORIA, British Columbia – August 2, 2018: HYAS, a leading provider of attribution intelligence tools for infosec and cybersec...

HYAS

August 2, 2018

10 to Watch 2018: HYAS Infosec
News

Despite security breaches like the Equifax fiasco, the information security industry has made only marginal improvements in prot...

HYAS

August 2, 2018