Novetta has the know-how and expertise to provide high TRL communications systems that will ensure superior operational surety and C2.
These are YARA signatures, created by ThreatConnect, that will detect and identify malware families that Axiom has used.
Bird’s Eye View is a new monthly executive summary report generated by Novetta’s Threat Research Group to provide a high-level summary of recent noteworthy cyber security events. This first edition will cover recent reporting on three cyber espionage campaigns.
This report includes key findings, background on the Operation SMN effort and its intended goals, some preliminary data on its impact, analysis of campaign targets and the operational practices of Axiom, as well as some strategic analysis of potential motivations and groups behind the tasking of Axiom actors.
This reverse engineering report outlines the capabilities of newer versions of Winnti that were observed during Operation SMN, including details on the malware’s start-up sequence, basic capabilities, and C2 communication protocol.
This report outlines in detail the full known lineage and capabilities of the HiKit malware family as it is known to Novetta and the Operation SMN coalition.
This list contains hashes of Winnti samples that can be found in VirusTotal.
This report outlines in detail the functioning of the ZoxPNG member of the Zox family, and includes some preliminary analysis of ZoxRPC, a relative of the ZoxPNG malware.