This entry shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that the articles worth checking can be skimmed quickly. 4n6 itself can be viewed here.
MALWARE
Any.Run
July 10, 2024. A Guide to Common Encryption Algorithms in Modern Malware: Malware authors rely on encryption to scramble the code and avoid detection by tools like YARA, Suricata, or ...
July 11, 2024. Malware Trends Report: Q2, 2024: We’re excited to share ANY.RUN‘s latest malware trends analysis for Q2 2024! Our quarterly update provides insights into the most widely deployed malware famili...
ASEC
Overview: AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook. Figure 1. An ebook being distributed with the malware. 2. Malware Executed via Scripts: The compre...
Avast Threat Labs
by Threat Research Team, July 8, 2024. Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep this secret anymore. DoNex and its Brothers: The DoNex ransomware has been rebranded several ti...
Baris Dincer
Cryptax
Dr Josh Stroschein at The Cyber Yeti
YouTube video
Emanuele De Lucia
Posted on 8 July 2024 / 9 July 2024 by edelucia. Unveiling AzzaSec Ransomware: Technical insights into the group’s locker. AzzaSec emerged as an Italian hacktivist group leveraging ransomware to further their political and ideological objectives. In recent days a lot of media attention has been dedicated to this group, especially in conjunction with the announcement of a R-a-a-S (Ransomware-as-a-Service) program adopted by the group in question. Since AzzaSec sells the affiliation to this...
Fareed Fauzi
Mayur Sewani at Forcepoint
Kota Kino at JPCERT/CC
喜野 孝太 (Kota Kino), July 8, 2024. Attack Activities by Kimsuky Targeting Japanese Organizations: JPCERT/CC has confirmed attack activities targeting Japanese organizations by an attack group called Kimsuky in March 2024. This article introduces the attack methods of the group confirmed by JPCERT/CC. Attack overview: In the attack we identified, the attacker sent a targeted attack email impersonating a security and diplomatic organization. A zip file containing the following files with double fil...
Malware Musings
Posted by karl on 2024-07-13. Posted in: Malware Analysis, Reverse Engineering. Tagged: dynamic analysis, malware analysis, Skill:MalwareAnalysis:Dynamic, Skill:ReverseEngineering:Dynamic, Tofsee. Right, it’s time to start the fun stuff — dynamic analysis, where we run the malware sample and see what happens. What could possibly go wrong?! Overview: I started off by running the malware sample with my malware analysis script, which has provided a bit of an overview of what’s going o...
Jérôme Segura at Malwarebytes
Posted: July 12, 2024 by Jérôme Segura Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer. Com...
Yashvi Shah and Vignesh Dhatchanamoorthy at McAfee Labs
OALABS Research
Taking a look at this updated ZharkBot in a rust packer. Jul 7, 2024. Tags: zharkbot, rust, triage. Overview: Taking a look at this new variant of ZharkBot. It is delivered in a packer (currently unknown) which is written in rust. Based on the reporting from @0xperator on X, ZharkBot appears to be a loader of sorts (to be confirmed). References: //x.com/0xperator/s...
Simple poc emulator for virtualized code. Jul 12, 2024. Tags: emulator, unicorn, themida, socks5systemz. Overview: These notes are for a recent stream we did with the folks over at Off by One Security. You can find a recording on their channel here: Emulating Obfuscated Code. Sample: The sample we are analyzing is an older version of So...
Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh and Brad Duncan at Palo Alto Networks
By: Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh, Brad Duncan. Published: 10 July, 2024 at 12:00 PM PDT. Categories: Cybercrime, Malware, Threat Research. Tags: Anti-analysis, AutoIT, DLL Sideloading, Microsoft Excel, Sandbox. This post is also available in: Japanese (...
Karlo Zanki at ReversingLabs
Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found. ReversingLabs has been actively tracking a malicious campaign targeting the NuGet package manager since the beginning of August, 2023. This report presents the findings of that research, which shows how malicious actors are continuously improving their techniques and respo...
Mike Blinkman at System Weakness
Yin Hong Chang and Sudeep Singh at ZScaler
Yin Hong Chang, Sudeep Singh, July 10, 2024. Introduction: This is Part 1 of our two-part technical deep dive into APT41’s new tooling, which includes DodgeBox and MoonWalk. In April 2024, Zscaler ThreatLabz uncovered a previously unknown loader called DodgeBox. Upon further analysis,...
Yin Hong Chang, Sudeep Singh, July 11, 2024. Introduction: This is Part 2 of our two-part technical deep dive into APT41’s new tooling, DodgeBox and MoonWalk. For details of DodgeBox, go to Part 1. In Part 2 of this blog series, we examine the MoonWalk backdoor, a new addition to APT41's toolkit. Continuing ...