Analysis Memo

A place to note down things from trying my hand at malware analysis and things I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 06 – 2024 - MALWARE

This entry was automatically generated and posted to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that I can skim through and pick the articles to check. 4n6 itself can be found here.

MALWARE

Ahmet Göker

Any.Run

February 6, 2024. What is Win32:Malware-gen? Explaining Generic Malware Labels. Security systems assign generic threat labels to files that app...

February 8, 2024. ZLoader Now Targets 64-bit Systems: Analyze The New Version in ANY.RUN. ZLoader is back and armed with new capabilities. Threat hunters have discovered a...

ASEC

AhnLab SEcurity intelligence Center (ASEC) has identified the distribution of RAT malware disguised as an illegal gambling-related file. Like the distribution method of VenomRAT introduced last month ([1]), the malware is spread via a shortcut (.lnk) file, and it downloads the RAT directly from HTA. [Figure 1. Operation process] The distributed shortcut file contains a malicious PowerShell command which runs mshta and downloads the malicious script. PowerShell command: C:\Windows\System32\WindowsPo...

Ransomware threat actors have been extorting money after taking control over organizations’ internal networks, distributing ransomware, encrypting systems, and holding system restoration for ransom. Recently, however, threat actors not only encrypt the systems but also leak internal data and threaten to expose it publicly if the ransom is not paid. Usually, these threat actors collect data, compress it, and leak it publicly. In such processes, threat actors utilize many legitimate utili...

AhnLab SEcurity intelligence Center (ASEC) previously uploaded the article “BlueShell Used in APT Attacks Against Korean and Thai Targets” [1] on the ASEC blog which introduced BlueShell malware strains that were used against Linux systems in Thailand and Korea. The threat actor customized the BlueShell backdoor malware for their attack, and configured the malware’s operating condition to only work in specific systems. Even after the article’s release, the BlueShell malware strains developed by ...

Andrei Lapusneanu at Bitdefender

Andrei LAPUSNEANU, February 08, 2024. Bitdefender researchers have discovered a new backdoor targeting Mac OS users. This previously undocumented family of malware is written in Rust and includes several interesting features. While the investigation is ongoing, we’re sending out this alert to share indicators of compromise with the community. Bitdefender products identify this threat as Trojan.MAC.RustDoor.*. Here’s what w...

Cryptax

Fatih Yilmaz

05 Feb 2024 Introduction In the previous article, we started the topic of malicious document analysis with Microsoft Word documents. In this blog post we will examine Malicious Excel Documents. In fact, there will not be much difference between these two topics and the malicious document topics from here on. I analyze the most commonly seen types of malware, and these types generally use common techniques, but in each post I will try to show you a different technique. In this post, a little reverse engineering, coding and malware...

05 Feb 2024 Introduction In the previous article we started the malicious document analysis topic with Microsoft Word Documents. In this blog we will see Malicious Excel Documents. Actually, these two topics, and the malicious document topics from now on, will not be so different. I want to analyze the most commonly seen types of malware, and these types mostly use common techniques, but in each post I try to show you a different technique. In this post, we will see a little bit of reversing, coding and malware analysis. This will ...

Fortinet

By Pei Han Liao | February 05, 2024. Affected Platforms: Microsoft Windows. Impacted Users: Microsoft Windows. Impact: The stolen information can be used for future attacks. Severity Level: High. In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September. The attack stages bef...

Igor Skochinsky at Hex Rays

Posted on: 07 Feb 2024 By: Igor Skochinsky. When you work in IDA, it saves the results of your analysis in the IDA Database, so that you can pause and continue at a later time. You can recognize the database files by their file extension .idb (for legacy, 32-bit IDA) or .i64 (for 64-bit IDA or IDA64). Thus they’re also often called just IDB. But what do they contain? You can get a hint by looking at the working directory when the IDB is open in IDA: So, ID...

Swachchhanda Shrawan Poudel at Logpoint

By Swachchhanda Shrawan Poudel | February 5th, 2024. Fast Facts: Pikabot is a multi-staged backdoor trojan that emerged in early 2023. The most notable feature of Pikabot is its loader capability, which is capable of delivering payloads and has several defense evasive techniques. Pikabot is programmed to execute commands via a Command and Control server, such as injecting arbitrary shellcodes, DLLs, or executable files. The malware author has included several a...

Dexter Shin at McAfee Labs

MoqHao evolution: New variants start automatically right after installation. McAfee Labs, Feb 07, 2024. Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015. McAfee Mobile Research Team has also posted several articles related to this malware family that traditionally targets Asian countries such as Korea and Japan. Recently McAfee Mobile Research Team found that MoqHao began distributing vari...

Daniela Shalev and Josh Grunzweig at Palo Alto Networks

By Daniela Shalev and Josh Grunzweig, February 2, 2024 at 3:00 AM. Category: Malware. Tags: Advanced URL Filtering, Banking Trojan, Cortex XDR, CVE-2023-36025, DNS security, Mispadu infostealer, WildFire. Executive Summary: Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunt...

Anna Širokova at Rapid7

Exploring the (Not So) Secret Code of Black Hunt Ransomware. Feb 05, 2024, Anna Širokova. Last updated at Fri, 09 Feb 2024 20:54:08 GMT. It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black Hunt ransomware wreaked havoc by compromising around 300 c...

S2W Lab

Securelist

Malware descriptions, 08 Feb 2024. Authors: GReAT. The developers of banking Trojan malware are constantly looking for inventive ways to distribute their implants and infect victims. In a recent investigation, we encountered a new malware that specifically target...

Ayush Anand at Securityinbits

February 6, 2024. .NET, dnSpyEx, Infostealer, Malware Series, pe-sieve, ProcMon, RedLine. Ayush Anand. RedLine Stealer config extraction using two ways: Fast & Easy Method: Use the awesome pe-sieve tool from @hasherezade, which dumps the unpacked file from memory. Then, extract the config from the dumped file. Using dnSpyEx for manual debugging: It’s a bit lengthy but a great way to learn about the unpacki...

Stefan Grimminck

System Weakness

Alberto Fittarelli at The Citizen Lab

Key Findings A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. PAPERWALL has similarities with HaiEnergy, an influence operation first reported on in 2022 by the cybersecurity company Mandiant. However, we assess PAPERW...

Ian Smith at Trail of Bits

February 7, 2024, By Ian Smith. Trail of Bits is releasing BTIGhidra, a Ghidra extension that helps reverse engineers by inferring type information from binaries. The analysis is inter-procedural, propagating and resolving type constraints between functions while consuming user input to recover additional type information. This refined type information produces more idiomatic decompilation, enhancing reverse engineering comprehension. The figures below demonstrate how BTIGhidr...

Mark Lester Dampios at White Knight Labs

by Mark Lester Dampios | Feb 9, 2024. In the evolving landscape of digital security, two prominent challenges emerge that pose significant threats to the integrity of online systems and user data: anti-cheat bypass and EDR bypass. These concepts revolve around circumventing protective measures designed to ensure fair play in the realm of online gaming and to safeguard computer systems against malicious software, respectively. This post will delve into the goals of anti-cheat bypas...