Analysis Notes

A place for notes on malware analyses I have tried and on things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 39 – 2023 - MALWARE

This entry was automatically generated and posted to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

MALWARE

Any.Run

September 19, 2023 (8 min read) Malware Analysis for Keeping Up with the Latest Threats: Lessons from ANY.RUN ...

ASEC

AhnLab Security Emergency response Center (ASEC) has discovered circumstances of a malicious LNK file impersonating the National Tax Service being distributed. Distribution using LNK files is a method that has been used in the past, and recently, there have been multiple cases of distribution to Korean users. The recently identified LNK file is presumed to be distributed via a URL included in emails. The URL identified through AhnLab Smart Defense (ASD) is as follows, and from it, a compressed f...

Gh0st RAT is a remote control malware developed by the C. Rufus Security Team from China. Due to its source code being publicly available, malware developers use it as a reference as they continue developing numerous variants that are still actively used in attacks. Although the source code is public, Gh0st RAT is mainly used by threat actors based in China. Cases of Gh0stCringe RAT, a variant of Gh0st RAT, being distributed targeting database servers (MS-SQL, MySQL servers) were disclosed in a ...

Jarosław Jedynak at CERT Polska


Yehuda Gelb at Checkmarx Security

Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package. Yehuda Gelb, published in checkmarx-security, 4 min read, 4 days ago. Recently, our team came across a Python package named “culturestreak”. A closer look reveals a darker purpose: exploiting victims’ system resources for unauthorized cryptocurrency mining. Key Points: A malicious Python package, “Culturestreak”, hijacks system resources for unauthorized cryptocurrency mining. The malicious package utilizes obfuscated...

Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, and Arnaud Zobec at Cisco’s Talos

By Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec. Tuesday, September 19, 2023 08:09. APT, Malware, SecureX. Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content ...

CTF导航

Advanced Root Detection & Bypass Techniques (Mobile Security, 4 days ago). Introduction: Welcome to another blog post in our series on Advanced Frida Usage. In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and prevent them from running on compromised devices. For learning purposes, we will be using a sample root detection application named Root...

Doug Burks at Security Onion

Thanks to Brad Duncan for sharing this pcap: www.malware-traffic-analysis.net/2023/05/23/index.html. We did a quick analysis of this pcap on the NEW Security Onion 2.4. If you'd like to follow along, you can do the following: install Security Onion 2.4 in a VM (docs.securityonion.net/en/2.4/first-time-users.html); import the pcap using so-import-pcap (docs.securityonion.net/en/2.4/so-import-pcap.html#so-import-pcap); optionally enable the new DNS lookups feature (docs.securityonion.net/en/2.4/soc-cus...

Alex Petrov at Hex Rays

Posted on: 21 Sep 2023 By: Alex Petrov Categories: News Tags: idatips Welcome to a new chapter of Igor’s invaluable insights! At Hex-Rays, we understand the importance of continuous learning in our ever-evolving field. Therefore, we are thrilled to introduce you to Igor’s Tip of the Week – Season 3. Three years ago, we embarked on a mission to empower IDA’s community with Igor’s practical bits of advice. Over time, these tips have become an indispensable resource for both beginners and seasoned ...

David Carter at Huntress

How do security teams know exactly what malware is doing and how to stop it? In a recent episode of Tradecraft Tuesday, I was joined by Principal Security Researcher Caleb Stewart to dive into the thought process behind reverse engineering malware and the value it brings. Understanding how malware functions is critical to developing a stronger security posture. Not only does it aid in improving defense m...

Intezer


Proofpoint

Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape. September 20, 2023, Proofpoint Threat Research Team. Key Takeaways: Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT an...

Mohammad Amr Khan at Pulsedive

Agniane is an emerging infostealer identified in August 2023. Dive into how Agniane collects data, evades analysis, and expands operations in this blog. Mohammad Amr Khan Sep 19, 2023 • 8 min read Agniane is a new information stealer identified by @MalGamy12 in August 2023. This stealer operates on an as-a-service model where the developers grant access to the application for US$50 per month or US$120 for a three month subscription. In addition to exfiltrating information from web browsers, the ...

R136a1

Sep 22, 2023 • malware In April, Kaspersky briefly described a new malware dubbed DreamLand in their APT trends report Q1 2023. Quote: In March, we discovered a new malware strain actively targeting a government entity in Pakistan. We designated this malware “DreamLand”. The malware is modular and utilizes the Lua scripting language in conjunction with its Just-in-Time (JIT) compiler to execute malicious code that is difficult to detect. It also features various anti-debugging capabilities...

Anuj Soni at SANS

Anuj Soni Latest Must-Read Malware Analysis Blogs In this post, we present a selection of recent malware analysis write-ups to highlight individuals' passion for malware analysis September 21, 2023 In this brief post, we present a selection of recent malware analysis write-ups. Our goal is to highlight the contributions of individuals who share their passion for malware analysis with the community. These dedicated analysts work tirelessly to document their approach to reverse engineering malware...

SentinelOne

Alex Delamotte / September 18, 2023 Executive Summary SentinelLabs identified three Android application packages (APK) linked to Transparent Tribe’s CapraRAT mobile remote access trojan (RAT). These apps mimic the appearance of YouTube, though they are less fully featured than the legitimate native Android YouTube application. CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects. Background Transparent Tribe is a suspecte...

Aleksandar Milenkoski / September 21, 2023 By Aleksandar Milenkoski, in collaboration with QGroup Executive Summary SentinelLabs has observed a new threat activity cluster by an unknown threat actor we have dubbed Sandman. Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. The activities are characterized by strategic lateral movements and minimal engagements, likely to minimize the risk of detection. Sandman has...

Ax Sharma at Sonatype

September 19, 2023, By Ax Sharma, 4 minute read time. The Sonatype Security Research team is currently tracking an ongoing campaign on the npm registry that uses npm packages to retrieve and exfiltrate your Kubernetes configuration and SSH keys to an external server. Our automated malware detection systems have identified at least 14 such packages thus far. We have been reporting these packages to the npm registry admins as these surface, following our analysis. These packages, analyzed by S...

Joseph C Chen and Jaromir Horejsi at Trend Micro

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server: a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation. By: Joseph C Chen, Jaromir Horejsi. September 18, 2023. In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Ea...

WeLiveSecurity

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East. ESET Research, 22 Sep 2023, 21 min read. For years, the Middle East has maintained its reputation as a fertile ground for advanced persistent threats (APTs). In the midst of routine monitoring of suspicious activities on the systems of high-profile customers, some based in this region, ESET Research stumbled upon a very sophisticated and unknown backdo...