Antiy AVL SDK Anti-Virus Engine Upgrade Announcement (20231028)

Based on the principles of transparency, accessibility, usability, verifiability and perceptibility of security capabilities, Antiy publishes a weekly update of the AVL SDK anti-virus engine and its full capability set. 1. Weekly Update Statistical period: Octobe……

PlayCrypt Analysis

1. Overview Recently, Antiy CERT has observed a rise in PLAY ransomware incidents. PLAY ransomware, also known as PlayCrypt, is developed and operated by Balloonfly [1] and was first discovered in June 2022. The ransomware is mainly spread through phishing emails and exploitation of vulnerabilities, and……

Antiy AVL SDK Anti-Virus Engine Upgrade Announcement (20231021)

Based on the principles of transparency, accessibility, usability, verifiability and perceptibility of security capabilities, Antiy publishes a weekly update of the AVL SDK anti-virus engine and its full capability set. 1. Weekly Update Statistical period: Octobe……

Analysis of Ransomware PLAY

1. Overview Recently, Antiy CERT has observed a rise in PLAY ransomware incidents. PLAY ransomware, also known as PlayCrypt, is developed and operated by the Balloonfly group [1] and was first discovered in June 2022. The ransomware is spread mainly through phishing emails ……

Monographic analysis report on the Natrix Group

1. Overview The Natrix Group has been active since the second half of 2022, launching numerous attack campaigns against domestic users. The group distributes a wide variety of malware variants, rapidly updates its evasion techniques, frequently changes its infrastructure, and targets a w……

Antiy AVL SDK Anti-Virus Engine Upgrade Announcement (20231014)

Based on the principles of transparency, accessibility, usability, verifiability and perceptibility of security capabilities, Antiy publishes a weekly update of the AVL SDK anti-virus engine and its full capability set. 1. Weekly Update Statistical period: Octobe……

Analysis of Recent Activities of the WatchDog Mining Organization

1. Overview Recently, Antiy CERT captured a batch of active WatchDog mining samples. The group primarily gains its initial foothold through Docker Engine API endpoints exposed on the network and Redis servers reachable without authentication, and can quickly pivot from a single infected machine to an entire network. The WatchDog mining group has be……
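The two entry points named above are configuration mistakes rather than software flaws, so the practical check is an audit of the Docker daemon and Redis configurations on exposed hosts. The script below is an added example, not Antiy's tooling and not derived from the WatchDog samples: it flags a `tcp://` listener in `daemon.json` that lacks TLS client-certificate verification (the Docker API has no authentication of its own; by convention port 2375 is plaintext and 2376 is TLS) and a Redis instance that network clients can reach with no `requirepass`. It encodes the documented Redis rule that `protected-mode` only blocks non-loopback clients when no `bind` is configured and no password is set, so an explicit `bind 0.0.0.0` bypasses it. The sample configurations are constructed. It assumes the API listener is set via the `hosts` key of `daemon.json`; on distributions that pass `-H` in the systemd unit instead, feed that unit's value to the same function.

```python
"""Configuration audit for the two exposures this post attributes to the
WatchDog group: a Docker Engine API listening on plain TCP and a Redis
server that accepts unauthenticated connections from the network.

Added example, not Antiy's code. All sample configurations below are
constructed; the checks reflect documented Docker and Redis behaviour."""
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json: API bound to every interface on the
# conventional plaintext port 2375, no TLS client verification.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
# Constructed hardened variant: mutual TLS, so only holders of a client
# certificate signed by the configured CA can reach the API.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed sample redis.conf fragments (weak and hardened).
WEAK_REDIS_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_REDIS_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass replace-with-a-long-random-secret
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def docker_findings(daemon_json: str) -> list[str]:
    """Flag every tcp:// listener in daemon.json that is not protected
    by TLS client-certificate verification (the API itself has no auth)."""
    cfg = json.loads(daemon_json)
    tls_verify = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        if urlsplit(host).scheme == "tcp" and not tls_verify:
            findings.append(f"docker: API listens on {host} without tlsverify")
    return findings


def parse_redis_conf(text: str) -> dict[str, list[str]]:
    """Map each directive to every value seen, in file order (last wins)."""
    directives: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives.setdefault(key.lower(), []).append(value.strip())
    return directives


def redis_findings(redis_conf: str) -> list[str]:
    """Flag a Redis server that network clients can reach with no AUTH.

    protected-mode only refuses non-loopback clients when no 'bind' is
    configured and no password is set; an explicit bind bypasses it."""
    d = parse_redis_conf(redis_conf)
    bind_addrs = d["bind"][-1].split() if "bind" in d else []
    has_password = bool(d.get("requirepass", [""])[-1])
    protected = d.get("protected-mode", ["yes"])[-1].lower() == "yes"
    if bind_addrs:
        # A leading '-' means "skip this address if it is unavailable".
        remote_reachable = any(a.lstrip("-") not in LOOPBACK for a in bind_addrs)
    else:
        # No bind: listens everywhere, and protected-mode is switched
        # off as soon as a password is set.
        remote_reachable = has_password or not protected
    findings = []
    if remote_reachable and not has_password:
        findings.append("redis: reachable from non-loopback addresses without requirepass")
    return findings


def audit(daemon_json: str, redis_conf: str) -> list[str]:
    """Combined report for one host."""
    return docker_findings(daemon_json) + redis_findings(redis_conf)


if __name__ == "__main__":
    for label, dj, rc in (("weak", WEAK_DAEMON_JSON, WEAK_REDIS_CONF),
                          ("hardened", HARDENED_DAEMON_JSON, HARDENED_REDIS_CONF)):
        print(label, audit(dj, rc) or ["no findings"])
```

Run it against the real `/etc/docker/daemon.json` and `redis.conf` of any host that is reachable from untrusted networks; an empty result from `audit` means neither of the two footholds described above is open, not that the host is otherwise clean.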

Special Analysis Report on the “SwimSnake” Cybercrime Group

1. Overview The “SwimSnake” cybercrime group has been active since the second half of 2022, launching a large number of attacks against domestic users. This year the group has drawn widespread attention from the domestic security industry because of its diverse malicious……

Antiy AVL SDK Anti-Virus Engine Upgrade Announcement (20231007)

Based on the principles of transparency, accessibility, usability, verifiability and perceptibility of security capabilities, Antiy publishes a weekly update of the AVL SDK anti-virus engine and its full capability set. 1. Weekly Update Statistical period: Septem……
