Genetic Analysis of CryptoWall Ransomware
#Genetic #Analysis #CryptoWall #Ransomware #malware
Метка: malware analysis
Babax stealer rebrands to Osno, installs rootkit
Babax stealer rebrands to Osno, installs rootkit
#rootkit #stealer #malware #research
ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA
Original text by CYBEREASON NOCTURNUS RESEARCH RESEARCH BY: ELI SALEM In 2018, we saw a dramatic increase in cyber crimes in Brazil and, separately, the abuse of legitimate native Windows OS processes for malicious intent. Cyber attackers used living off the land binaries (LOLbins) to hide their malicious activity and operate stealthily in target systems. Using native, legitimate operating […]
Read More
Unpacking Grey Energy malware (Service Application DLL)
( Original text by D3xt3r ) Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As […]
Read MoreRansomware Infects 100K PCs in China, Demands WeChat Payment
( original text by Ionut Ilascu ) Over 100,000 thousand computers in China have been infected in just a few days with poorly-written ransomware that encrypts local files and steals credentials for multiple Chinese online services. The crooks demand the victim a ransom of 110 yuan ($16) in exchange for decrypting the files, payable via Tencent’s […]
Read MoreHTTPS Payload and C2 Redirectors
( Original text by Jeff Dimmock ) I’ve written rather extensively about the use of redirectors and how they can strengthen your red team assessments. Since my first post on the topic, the question I’ve received most frequently is about how to do the same thing with HTTPS traffic. In this post, I will detail different HTTPS redirection […]
Read MoreAnalysis of Linux.Omni
( Original text by by Joan Soriano ) Following our classification and analysis of the Linux and IoT threats currently active, in this article we are going to investigate a malware detected very recently in our honeypots, the Linux.Omni botnet. This botnet has particularly attracted our attention due to the numerous vulnerabilities included in its repertoire of infection (11 […]
Read MoreBlobRunner — Quickly Debug Shellcode Extracted During Malware Analysis
( Original text by LYDECKER BLACK ) BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To use BlobRunner, you […]
Read More
Для отправки комментария необходимо войти на сайт.