Ramsay: a cyber-espionage toolkit tailored for air-gapped networks
ANY.RUN - Interactive malware analysis sandboxhttp://any.run/
Get fast results in real-time! Intuitive interface. Convenient for any level analysts.
Join for free and start your malware hunting!
Avira Cloud Sandbox API. Completely private, unlimited-scale, automated malware analysis servicehttps://oem.avira.com/en/solutions/cloud-sandbox-api
Avira’s Cloud Sandbox API is built to ensure data privacy.
Receive detailed, file-specific threat intelligence reports containing actionable intelligence.
Supports MITRE ATT&CK™ framework.
Do APT Mercenary Groups Pose Real Threat to Companies?https://businessresources.bitdefender.com/apt-as-a-service-webinar
Learn about the recent Bitdefender investigation of a new attack attributed to a sophisticated actor offering advanced-persistent-threats-as-a-service.
Access the investigation
Be a part of the cyber resilience story - explore careers athttps://careers.opentext.com/
Join the cybersecurity and data protection team at Carbonite + Webroot, OpenText companies.
We don’t just talk about sharing. We do it every dayhttps://www.cyberthreatalliance.org/our-sharing-model/
Find out more about how threat intelligence sharing and collaboration through the Cyber Threat Alliance can function as a force multiplier to improve defenses across the ecosystem.
Map Malicious Infrastructures with Pure Signal™ Intelligencehttps://partners.team-cymru.com/pure-signal-trial
Elite analyst teams use Team Cymru’s Pure Signal platform to access 50+ data types, including global network flow, PDNS, malware and more.
Start your 2-week trial now!
What is cyber threat intelligence (CTI) and how is it used?Join the VB2020 Threat Intelligence Practitioners’ Summit (TIPS)
Join the VB2020 Threat Intelligence Practitioners’ Summit, sponsored by the Cyber Threat Alliance,
to hear from leading industry voices on how CTI sharing can function as a force multiplier to strengthen defenses across the ecosystem.
Kaspersky Threat Intelligence Portal - find cyberthreats in files, URLs, IPs and domainshttps://opentip.kaspersky.com/
Know which alerts or incidents pose real threats, and prioritize them fast and effectively based on impact and risk levels.
No-Cost Threat Detection for ISPs and Hosting Providershttps://partners.team-cymru.com/nimbus-threat-monitor
Partner with Team Cymru and get near-real-time threat detection, powered by our world-class IP Reputation data.
Join us now!
Outsource your Unwanted Software/PUA Work for Freehttps://appesteem.com/avs
AppEsteem’s feeds sort out the good apps from the Deceptors.
Our criteria are widely accepted. We’ll help with your disputes.
All for Free. Giving you more time to fight real malware.
Do you want to know how IT security products score in independent tests?https://www.av-comparatives.org/enterprise/latest-tests/
AV-Comparatives is an ISO certified independent organization offering systematic testing that checks whether security software lives up to its promises.
Results are available for free!
Defeating Application Fraud - Learn Howhttps://www.shapesecurity.com/solutions
We protect more accounts from fraud than everyone else in the world combined.
Shape Security is now part of F5 (www.f5.com)
30+ years of experience in the anti-malware industrywww.virusbulletin.com
Virus Bulletin is so much more than just a great conference.
Check out our website to see what more we have to offer.
DNSDB®: The DNS Super Power for Security Teamshttps://www.farsightsecurity.com/get-started-guide/
Farsight Security DNSDB®: the world's largest real-time and historical database of DNS resolutions.
Get your free DNSDB API key and use it in our newly updated web GUI, DNSDB Scout and your own environments.
Contextualize everything DNS related with one API key - DNSDB.
Tired of home office and in urgent need of some networking?https://www.amtso.org/newsletter/
Join the AMTSO community and meet security vendors, testers, journalists, and researchers to discuss cybersecurity trends, tests and standards!
Malware targeting air-gapped networks is not rudimentary, as the scarcity of a network connection requires the innovation of alternative methods, leveraging unconventional tactics, techniques and procedures to provide the same capabilities as conventional malware that relies on a network-based communication channel.
In March 2020 we discovered a cyber-espionage toolkit we call Ramsay, specifically designed to steal documents and operate within air-gapped networks.
In this presentation we will cover the technical aspect of Ramsay, documenting its core capabilities along with the different versions we found. Some of the core capabilities that will be discussed are persistence leveraged via phantom DLL hijacking, covert storage of collected artifacts via API hooking, control mechanisms using a custom file-based protocol, and spreading over the network by infecting files accessible via removable media and network drives leveraging a preprender file-infector. We will also cover artifact and code overlaps found between Ramsay and the DarkHotel APT, and document some OPSEC failures that we observed, which helped us reinforce this connection.