Partner Perspectives: Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

(Editor’s Note: this blog originally appeared on RedCanary.com)

Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the year...

VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus

On February 14, 2020 the U.S. Department of Homeland Security (DHS) released a Malware Analysis Report (MAR-10271944-1.v1) which provided information about a trojan they referred ...

Latest Malware Uses Compiled AutoIT Script to Masquerade As Photoshop CS6 Installer

Malware comes in all shapes, sizes, and languages to make defending against attacks more difficult. One of the nefarious ways malware attempts to hide is by masquerading as a legi...

Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior

How I Quit Freaking Out Over Strange Network Traffic

This past weekend I received one of the most dreaded messages a SecOps member can get: “I think someone is trying to get into my account.” I immediately ran over to my lapto...

How to Investigate a Bitcoin Mining Malware Infection

In my previous blog, I explained Bitcoin mining and provided an overview of a new type of malware used by malicious Bitcoin miners. In today’s post, I take a closer look at a spec...

Partner Program Terms and Conditions

Threat Analysis: Word Documents with Embedded Macros Leveraging Emotet Trojan

Many customers have recently asked how Carbon Black’s solutions detect macros and droppers (specifically referencing Emotet dropper files). Customers often say that macros a...

Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns

A Microsoft Word document (.doc) believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit (TAU). The submitting organization did not feel that that d...

Demo: Hunting the Sony Wiper Malware, ‘Destover,’ Using Carbon Black

There has been a lot of coverage about the malware known as Destover. Several hashes have been released by US-CERT, the FBI and other organizations. This blog examines how y...
