Analysis Notes

A place for notes from trying out malware analysis and for anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 5 – 2023 - MALWARE

This entry was generated and posted automatically to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

MALWARE

Andrea Fortuna

Jan 25, 2023 Static malware analysis is the process of analysing malware samples without executing them. In this post, I’d like to share my basic workflow for static malware analysis, with tools and techniques that can be used at each stage. 1. File identification The first step in static malware analysis is to identify the type of file you are dealing with. You can use tools like the “file” command, TrID, or VirusTotal to identify the file type and determine if it is a known malware sample. 2. ...

Any.Run

January 26, 2023 CryptBot Infostealer: Malware Analysis. We recently analyzed CryptBot, an infostealer detected by the ANY.RUN online malware sandbox. Through our research, we collected information about MITRE ATT&CK techniques used by ...

ASEC

Contents: Phishing Emails; File Extensions in Phishing Emails; Cases of Distribution; Case: FakePage; Case: Malware (Infostealer, Downloader, etc.); Keywords to Beware of: ‘ONE’ Extension; FakePage C2 URL. The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 8th, 2023 to January 14th, 2023 and provide statistical information on each type. Genera...

CTF导航

[Technical Share] Detecting Android Locker Ransomware on QQ. Mobile Security, 2 days ago. In recent years, more and more locker ransomware (Locker-Ransomware) has posed a huge threat to the Android platform and to users' property. Locker ransomware extorts a ransom from victims by forcibly locking the device; worse still, a mature ransomware trading chain has formed. Effectively detecting locker ransomware is an urgent yet crucial problem, and to address it this paper proposes a lightweight automatic method for detecting locker ransomware. First, a comprehensive survey of the locker ransomware trading market was conducted, and the behavior of locker ransomware was analyzed in depth. Second, to deal with code obfuscation, features of the displayed text and of background operations were extracted based on the observed behaviors. Fine-grained features were extracted from multiple sources, so that locker ransomware can be analyzed from various angles. Finally, an ensemble of four machine learning algorithms was used for detection; the experimental results show that the method outperforms VirusTotal, achieving the best performance with a detection accuracy of 99.98%. 0x01 Introduction Ransomware is a type of malicious software that extorts a ransom from users by blocking access to the device or to data. Generally, ransomware can be divided into locker ransomware and crypto ransomware. More specifically, locker ransomware blocks the user's interaction with the device by resetting the PIN code or by popping up a full-screen window. The window cov...

Didier Stevens

PDF Tools; New Tool: onedump.py; oledump.py; Using Metasploit On Windows

Dosxuz

Tradecraft Improvement 1 - Creating PE files with no imports. Introduction: Sometimes there are a few steps that we would want to take in order to improve our tradecraft. We might want to make our PE files more difficult to detect or difficult to create signatures for. For this reason, I wanted to start a blog series regarding this particular topic of improving tradecraft. In this series I will mainly go through how one can take steps to make their payloads a little more difficult to be detected o...

Hex Rays

Karlo Licudine at AccidentalRebel

January 23, 2023 in malware, re, jupyter I came across the Blue-Jupyter project on Github while researching Jupyter notebooks. This short demo video got me excited, so I cloned the project and added some improvements that automate many things when I am looking for malware to investigate. What are Jupyter Notebooks? For readers who may be unfamiliar, Jupyter Notebooks are a web-based tool that allows users to create and share documents that contain live code, equations, visualizations, and narrat...

Nihar Deshpande at Quick Heal

By Nihar Deshpande, 25 January 2023. As cyber threats continue to evolve and become more sophisticated, it’s crucial for security researchers and professionals to stay ahead of the curve. In this post, we will explore how ChatGPT can assist in the analysis of malware, specifically the Remote Access Trojan (RAT) known as AsyncRAT, and we will also delve into the capabilities of ChatGPT and talk about how it can assist in identifying indicators of compromise, by analyzing n...

Tony Lambert

BATLoader, Ursnif, and Redline, oh my! By Tony Lambert. Posted 2023-01-23. Earlier today, @MalwareHunterTeam posted on Twitter about a malicious MSI file masquerading as a Rufus installer. "Searching for "rufus" in Google right now gives 2 ads that are obviously not the official Rufus. 2nd one redirect: //rufus-download[.]software/download-index1.html Download: //extremebot[.]software/Rufus_3.21.msi Same gang: //t.co/6spGIxTwbM cc @1ZRR4H @wdormann pic.twitter.com/K02Vs2Q50Z" — Malwa...

Nathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, and Nathaniel Gregory Ragasa at Trend Micro

Ransomware: New Mimic Ransomware Abuses Everything APIs for its Encryption Process. Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. By: Nathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa. January 26, 2023 ...

Vicente Díaz at VirusTotal

Popular posts: An update from VirusTotal (Our goal is simple: to help keep you safe on the web. And we’ve worked hard to ensure that the services we offer continually improve. But as...); VT4Browsers++ Any indicator, every detail, anywhere (TL;DR: VirusTotal’s browser extension can now automatically identify IoCs in any website and enrich them with superior context from our crow...); Deception at a scale (Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practiti...)