Analysis Notes

A place for notes from analyzing malware and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 52+1 – 2023 - MALWARE

This entry was generated and posted automatically: it shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. The 4n6 roundup itself can be found here.

MALWARE

Any.Run

December 26, 2023. What is the difference between malware and viruses? Many people mistakenly think malware and viruses are the same. This mix-up usually comes from the term “anti-virus,” which since the 1970s has been used...

December 27, 2023. Malware Trends Report: Q4, 2023. ANY.RUN’s latest malware trends analysis for Q4 2023 is here, offering a quarterly update on the most prevalent malware families, types, and TTPs. Summary: In the fourth quarter of 2023 ANY....

ASEC

AhnLab Security Emergency response Center (ASEC) analyzes attack campaigns against poorly managed Linux SSH servers and shares the results on the ASEC Blog. Before installing malware such as DDoS bots and CoinMiners, the threat actors need to obtain information on the attack target, that is, the IP address and SSH account credentials. IP scanning is performed for this purpose to look for servers with the SSH service, or port 22, activated, after which a brute force or dictionary attack is launched t...

Known to be supported by North Korea, the Kimsuky threat group has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Since 2017, attacks targeting countries other than South Korea have also been observed. [1] The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim ...

Dr Josh Stroschein

YouTube video

Igor Skochinsky at Hex Rays

Posted on 29 Dec 2023 by Igor Skochinsky (Categories: IDA Pro; Tags: idapro, idatips, shortcuts). Creating user-defined structures can be quite useful both in disassembly and pseudocode when dealing with code using custom types. However, they can be useful not only in code but also in data areas. MFC message maps: As an example, let’s consider an MFC program which uses message maps. These maps are present in the constant data area of the program and are initially represented by IDA as a mix of numbers a...

Gaurav Yadav at K7 Labs

Posted by Gaurav Yadav, December 27, 2023. Ransomware: Mallox Evading AMSI. In the past, as blogged here, we have seen that the Mallox ransomware group has been targeting Indian companies since 2022. Recently, we noticed an update in their PowerShell script, which is the crux of this blog. PowerShell scripts are an important part of the attack chain of Mallox attackers because after getting initial access to the machine using SQL or RDP, the rest of the ac...

MalwareTech

Marcus Hutchins A Trip Back In Time Recently I got back into malware research and was going through some of my old notes for an article I’m writing. While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. Since my next article will require that readers be familiar with both concepts, I decided to take the time to polish up and publish the rest of my research. And hey, who’s to turn down a ...

Marcus Hutchins Recently I was testing some EDR’s abilities to detect indirect syscalls, and I had an idea for a quirky bypass. If you’re not already familiar with direct and indirect syscalls, I recommend reading this article first. One of the drawbacks of direct & indirect syscalls is that it’s clear from the callstack that you bypassed the EDR’s user mode hook. Below are some example callstacks from direct, indirect, and regular calls. The callstack of a direct syscall. The callstack ...

PetiKVX

Dec 24, 2023 • petikvx. //app.any.run/tasks/990b6a36-241d-4998-8272-ba6c273aa15c/ History: The ransomware Neshta was first discovered in 2007. It was designed to encrypt files on infected computer systems and demand a ransom in exchange for the decryption key. Neshta primarily spread through malicious emails, compromised software downloads, and other infection methods. Since its discovery, it has been one of many examples of ransomware that have caused disruptions and computer security i...

Dec 26, 2023 • petikvx. //app.any.run/tasks/227c55c4-5c03-4ddd-a748-5bad57e69994/ This ransomware was discovered on Christmas Day 2023. It is a program written with Microsoft Visual C/C++ using Visual Studio (2012). Sample Information: Analysis date: December 25, 2023 at 12:09:11; OS: Windows 10 Professional (build: 19044, 64 bit); Tags: ransomware; MIME: application/x-dosexec; File info: PE32 executable (console) Intel 80386, for MS Windows; MD5: 85A3936612C12269B47F33930F990E8A...

Security Research Labs

Black Basta Buster, 37C3 release (commit 498a4eb, Dec 27, 2023). Repository files: doc, COPYING, Makefile, README.rst, decryptauto.py ...

Vlad Pasca at Security Scorecard

Prepared by: Vlad Pasca, Senior Malware & Threat Analyst. Executive summary: Menorah malware was used by the APT34 group, which targeted organizations in the Middle East and was discovered by Trend Micro in August this year. The malware creates a mutex to ensure that only one copy is running at a single time. It extracts the hostname and the username and computes a hash that identifies the infected machine. The following commands are implemented: create new processes, list files and subdirectories f...

Zhassulan Zhussupov

﷽ Hello, cybersecurity enthusiasts and white hackers! In one of the previous posts (and at conferences in the last couple of months) I talked about the TEA encryption algorithm and how it affected the VirusTotal detection score. With today’s post I want to start a series of my new research: I will be developing different versions of the ransomware malware with different algorithms from cryptography. I will do this step by step, so perhaps I will post some things, tricks and techniq...