Analysis Notes

A place for notes on malware I have tried analyzing and on things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 08 – 2024 - MALWARE

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that articles worth checking can be skimmed quickly. 4n6 itself can be found here.

MALWARE

Any.Run

Understanding Macros in Malware: Types, Capabilities, Case Study (February 20, 2024, 11 min read). Macros are like mini programs within other software. They contain instructio...

What is Crypto Malware: Definition and Analysis in ANY.RUN (February 21, 2024, 5 min read). Blockchain mining is the process of solving complex mathematical equations ...

Analyzing Linux Malware in ANY.RUN: 3 examples (February 22, 2024, 4 min read). Although Linux is often regarded, and indeed is, les...

ASEC


AhnLab SEcurity intelligence Center (ASEC) recently discovered that malware strains are downloaded into systems when users try to download security programs from a Korean construction-related association’s website. Login is required to use the website’s services, and various security programs must be installed to log in. Among the programs that must be installed for login, one of the installers had malware strains inside. When the user downloads and installs the installer, the malware strains ar...

Avast Threat Labs

By Threat Research Team, February 20, 2024, 4 min read. HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users – individuals – rather than institutions and companies. Its prevalence isn’t remarkably large, nor is the requested ransom payment amount, which has allowed the strain to stay relatively under the radar thus far. During our investigation of the threat, we found a vulnerability, which allowed us to c...

Cryptax

CTF导航

Analysis of the Charming Kitten APT's Techniques (APT, 4 days ago, admin). The Charming Kitten cyber-espionage group originates from Iran and is known as "the charming kitten"; the Iranian national Behzad Mesri, the first to be indicted for the attack on HBO, was identified as a member of the group. The group targets people involved in Iranian academic research, human rights and the media, dissidents living inside and outside Iran, journalists covering Iranian affairs, and political advisors quoted by the media on Iran; most victims are individuals living in Iran, Israel and the United States, with some in Switzerland, India, Denmark and other countries. Sample component analysis: .Lnk, which lures the user into clicking and runs PowerShell, as shown below. The extracted hex-encoded PowerShell is shown below: /uploader.sytes.net/download/slideshow/1.jpg /uploader.sytes.net/download/shortcut.exe. Related download, md5: f9255e0d492eb20df1e78ccc970b121a. Infection flow: .Exe creates a SpoonBuSter directory, copies itself there renamed as dwm.exe, adds an autostart entry, and executes via the shell. It decrypts the encrypted strings and uses CreateThread to dispatch the malicious processes. 00...

New Threat from APT-C-24 (SideWinder): Nim-based Payloads Surface (APT, 4 days ago, admin). APT-C-24 (SideWinder) is an APT group active in South Asia. Its earliest activity can be traced back to 2012, and its main target countries include Pakistan, Afghanistan, Nepal, Bhutan, Myanmar and dozens of others, with the primary goal of stealing sensitive information from the government, energy, military, mining and other sectors. Over the past decade the group has carried out multiple spear-phishing campaigns to steal information; to support these operations, the attackers have developed payloads in various programming languages (such as C++, C#, Go, Python and VBScript) and have used various carrier files (such as exploit documents, macro files and LNK files) to drop them. Recently we captured SideWinder attack samples targeting Bhutan, Myanmar and Nepal; these samples mainly drop Nim-compiled payloads via macro documents, which is rare in SideWinder's attack history. In view of this, this article focuses on disclosing this type of component used by the SideWinder group. I. Attack activity analysis 1. Malicious payload analysis. Recently we obtained multiple SideWinder attack files, but their functionality is largely the same, so we analyze one of the carrier files, whose basic information is as follows: MD5 7bea8ea83d5b4fe5985172dbb...

Cyber Geeks

DCSO CyTec

Dr Josh Stroschein – The Cyber Yeti

YouTube video

ElementalX

Igor Skochinsky at Hex Rays

Phylum

Feb 20, 2024, 12 min read. Research: Fake Developer Jobs Laced With Malware. Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test file, presumably thinkin...

On Wednesday, February 21, Phylum’s automated risk detection platform alerted us to an anomalous publication of a PyPI package named django-log-tracker. This package was first published to PyPI in April 2022. The linked Github repository shows activity around the same time. It’s interesting to note, though, that today’s publication did not align with the activity recorded in the GitHub repository, which has remained dormant since the April 2022 activity. This discrepancy, especially since the up...

Petar Kirhmajer at ReversingLabs

RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method. Blog author: Petar Kirhmajer, Threat Researcher, ReversingLabs. ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting malicious command-and-control (C2) infrastructure, storing sto...

Robert Giczewski

21 Feb 2024 » malware_analysis, reverse_engineering. From time to time I tidy up my thousands of open browser tabs, and this time I came across something that I wanted to look at a few weeks ago but had forgotten about. It’s a tweet from MalwareHunterTeam about a probably interesting sample called Evotec Project Brief and MCDA (Cenk Cetin).zip. My interest was piqued since Evotec is a German company, and it appears that a specific person is being targeted based on the file name. To make sure, I ...

Tomas Nieponice at Stratosphere IPS

Analysis and understanding of malware of the PyRation family. Stratosphere IPS, February 23, 2024, malware analysis. This blog was authored by Tomas Nieponice on February 23, 2024. This work was made in the context of a 3-week winter cybersecurity internship by the author at the Stratosphere Laboratory, which involved learning about networking, malware reversing, programming and science communication. The internship was done under the supervision of ...

System Weakness

Uptycs


Zhassulan Zhussupov

13 minute read. ﷽ Hello, cybersecurity enthusiasts and white hackers! In one of my previous posts about cryptography in malware, I considered RC5 encryption; one of the readers asked what would happen if I used RC6 encryption for my payload. This post is the result of my own research on trying to evade AV engines by encrypting the payload with another logic: RC6. As usual, exploring various crypto algorithms, I decided to check what would happen if we apply this to encrypt/decrypt the payload. RC6 RC...