Analysis Notes

A place to jot down notes from my own malware analysis and anything that looked like it might be useful for analysis.

4n6 Week 34 – 2024 - MALWARE

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through and decide which articles to check. 4n6 itself can be found here.

MALWARE

Anchored Narratives

Reversing DISGOMOJI with Malcat like a BOSS. A review of a binary analysis platform for threat analysts and reversers. RJM, Aug 18, 2024. Cover: BOSS is an Indian-based Linux distribution used by the Indian government. Disclaimer: The views, methods, and opinions expressed at Anchored Narratives are the author’s and do n...

Any.Run

August 20, 2024, 3 min read. New ValleyRAT Campaign Spotted with Advanced Techniques. A sophisticated campaign is targeting Chinese-speaking users, distributing a malware known as ValleyRAT. What’s happening? There’s a new c...

Dr Josh Stroschein – The Cyber Yeti

YouTube video

YouTube video

Patrick Wardle at Objective-See

Analyzing crash reports reveals malware, bugs, & much more! by: Patrick Wardle / August 13, 2024. This research was originally presented at BlackHat USA. In this blog we touch on some of the main highlights and takeaways from the talk. Slides: “The Hidden Treasures of Crash Reports”. In the News: “Computer Crash Reports Are an Untapped Hacker Gold Mine”. Backgroun...

Christiaan Beek at Rapid7

Aug 20, 2024, 5 min read. Christiaan Beek. Last updated at Fri, 23 Aug 2024 19:15:44 GMT. The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary...

Stephan Berger

22 Aug 2024. Table of Contents: Introduction; First Stage; Second Stage; Shellcode; Dynamic Analysis; Persistence; There is moar. Introduction: To improve my rusty reverse-engineering skills, I’m going to analyze various malware samples that have come up in our incident response cases in loose succession. The first sample belongs to the Fenix botnet (sample here). In this post, we analyze a sophisticated malware infection chain that begins with a user downloading a ZIP file from a Dropbox link and culmina...

Ben Martin at Sucuri

Synacktiv

Written by Théo Letailleur - 18/08/2024 - in CSIRT. The LAPSUS$ threat group has been known since 2021 for spear phishing, data theft, and extortion against large companies (e.g., Microsoft, Nvidia, Uber). Although evidence of destruction methods was reported, there was no known use of ransomware. In June 2024, LAPSUS$ announced its closure. However, two months later, a new ransomware called HexaLocker was advertised on Telegram channels. Its "only real" admin and probable...

Mattias Wåhlén and Nicklas Keijser at Truesec

UltimaCybr

More bark, less bite? Posted on August 22, 2024. A new ransomware threat has emerged, targeting Linux systems and written in the Rust programming language. Last week I spotted this post by @MalGamy12 about a new group that had created some ransomware. The group goes by the name Team Akita, with the ransomware dubbed AkitaCrypt. The post by @MalGamy12 is believed to be the first ‘In The Wild’ (ITW) sample available for analysis, uploaded to VirusTotal in early August. Although this is the first t...

VMRay

WeLiveSecurity

ESET analysts dissect a novel phishing method tailored to Android and iOS users. Jakub Osmani, 20 Aug 2024, 12 min. read. In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. For iOS users, such an action ...

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM. Lukas Stefanko and Jakub Osmani, 22 Aug 2024, 19 min. read. ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s r...

Zhassulan Zhussupov

Malware development: persistence - part 26. Microsoft Edge - part 1. Simple C example. 3 minute read. ﷽ Hello, cybersecurity enthusiasts and white hackers! This post came about in preparation for a workshop on Malware Persistence techniques that I teach at various conferences in Europe and Asia. This post shows that interesting persistence methods can be found via Sysinternals Procmon filters; this is a well-known and popular method, I just want to show it in practice. In my case, everything ...

Ruchna Nigam at ZScaler

RUCHNA NIGAM - Principal Security Researcher. August 21, 2024 - 17 min read. Introduction: Zscaler ThreatLabz recently analyzed a new variant of Copybara, which is an Android malware family that emerged in November 2021. The malware is primarily spread through voice phishing (vishing) attacks, where victims receive instructions over the phone...