Unit 42 investigates the QtBot downloader used to distribute Trickbot and Locky.
Unit 42 investigates the StegBaus loader, which contained many advanced data-hiding techniques and has been seen delivering numerous different commodity malware families.
Unit 42 researchers recently observed an unusually clever spambot’s attempts to increase delivery efficacy by abusing reputation blacklist service APIs. Rather than sending spam as soon as the host is infected, the bot checks common blacklists to confirm its e-mails will actually be delivered, and if not, shuts itself down. This spambot, commonly downloaded by