Analysis Notes

A place to jot down malware analyses I have tried and things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 31 – 2024 - MALWARE

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

MALWARE

Any.Run

Brief Overview of the DeerStealer Distribution Campaign. July 31, 2024. Our team recently uncovered a malware distribution campaign for a threat ...

ASEC

Yehuda Gelb at Checkmarx Security

Cleafy

Published: 31/7/24. Key Points: At the end of May 2024, the Cleafy TIR team discovered and analysed a new Android RAT. Since we didn't find references to any known families, we decided to dub this new family BingoMod. The main goal of BingoMod is to initiate money transfers from the compromised devices via Account Takeover (ATO) using a well-known technique, called On Device Fraud (ODF)...

Cyfirma

Elastic Security Labs

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor. Elastic Security Labs identified a novel Windows backdoor leveraging the Background Intelligent Transfer Service (BITS) for C2. This malware was found during a recent activity group tracked as REF8747. Malware analysis. BITSLOTH at a glance: BITSLOTH is a newly discovered Windows backdoor that leverages the Background Intelligent Transfer Service (BITS) as its command-and-control mechanism. BITSLOTH was uncovered during an int...

Matthew at Embee Research

Decoding a Cobalt Strike script with CyberChef and VsCode. Matthew, Aug 04, 2024. Introduction: We recently encountered a short .HTA script on Malware Bazaar that was linked to the Cobalt Strike toolkit. The script utilises basic obfuscation that can be removed using CyberChef and a text editor. This blog will cover our decoding process, including how to decode the following obfuscation methods: Base64, URL Encoding, Excessive Spacing. Original File: The file used for this analysis can be found o...

Prashant Kumar at Forcepoint

Jenna Wang at Fortinet

By Jenna Wang | July 31, 2024. Affected platforms: All platforms where PyPI packages can be installed. Impacted parties: Any individuals or institutions that have these malicious packages installed. Impact: Leak of credentials, sensitive information, etc. Severity level: High. The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This discovery poses a significant risk to individua...

Fortra’s PhishLabs

Intel471

Kelvin W

Robert Derby at Netscout

Robert Derby, July 31st, 2024. In the digital age, where connectivity and data are paramount, cybersecurity threats such as ransomware loom large, posing significant risks to organizations worldwide. Ransomware attacks have evolved into sophisticated campaigns that can cripple businesses, demanding ransom payments in exchange for decrypting or not sharing/selling valuable data. To combat this pervasive threat, organizations must adopt a robust security strategy that includes advanced, pac...

Palo Alto Networks

By: Unit 42. Published: 2 August, 2024 at 3:00 AM PDT. Categories: High Profile Threats, Malware. Tags: Advanced Persistent Threat, APT28, Fancy Bear, Fighting Ursa, HeadLace, Phishing, Russia. Executive Summary: A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor m...

Tatyana Shishkova and Igor Golovin at Securelist

Malware descriptions, 29 Jul 2024. Authors: Tatyana Shishkova, Igor Golovin. Introduction: In May 2020, Bitdefender released a white paper containing a detailed analysis of Man...

Security Onion

Thanks to Brad Duncan for sharing this pcap from 2024-06-25 on his malware traffic analysis site! Due to issues with Google flagging a warning for the site, we're not including the actual hyperlink but it should be easy to find. We did a quick analysis of this pcap on the NEW Security Onion 2.4.90: blog.securityonion.net/2024/07/security-onion-2490-now-available.html. If you'd like to follow along, you can do the following: install Security Onion 2.4.90 in a VM: docs.securityonion.net/en/2.4/first...

Puja Mahendru at Sophos

402 healthcare IT/cybersecurity leaders share their latest ransomware experiences, revealing fresh insights into the realities facing the healthcare sector today. Written by Puja Mahendru, July 30, 2024. The latest Sophos annual study of the real-world ransomware experiences of healthcare organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes. This year’s report sheds l...

Rafael Pena at Trellix

Jason Reaves and Joshua Platt at Walmart

Zhassulan Zhussupov

﷽ Hello, cybersecurity enthusiasts and white hackers! This post is the result of my own research on using CAST-128 block cipher on malware development. As usual, exploring various crypto algorithms, I decided to check what would happen if we apply this to encrypt/decrypt the payload. CAST-128: The CAST-128 encryption method is a cryptographic system that resembles DES and operates using a substitution-permutation network (SPN). It has demonstrated strong resistance against differen...

Zimperium