#Malware_analysis
1. Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
2. WinAPI, and "Cheap" Malware Analysis Using AI
Part 1: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-1-69e4a8fc8328
Part 2: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-2-485c9104f5b6
After Microsoft announced this year that macros from the Internet will be blocked by default in Office, many threat actors have switched to different file types such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware.
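Added example, not code from the Trustwave post or its authors: a small Python triage script for the attachment types the post names. It unpacks a ZIP, parses any Windows shortcut (.lnk) inside it using the public MS-SHLLINK layout (fixed 76-byte header, LinkCLSID 00021401-0000-0000-C000-000000000046, then StringData with a 2-byte character count per field) to recover the path and arguments the shortcut would launch, flags OOXML documents that carry a vbaProject.bin, and marks OLE compound files and ISO images for follow-up. The sample ZIP, the shortcut inside it and the placeholder vbaProject.bin are constructed here for the demo; the cmd.exe target and the `/c echo` arguments are invented and harmless.

```python
import io
import struct
import zipfile

# Shell link header constants, per MS-SHLLINK: HeaderSize is always 0x4C and the
# LinkCLSID is 00021401-0000-0000-C000-000000000046 (stored little-endian).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_DATA_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.pub containers


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand and the StringData fields of a .lnk file.

    StringData follows the optional LinkTargetIDList and LinkInfo structures,
    so both are skipped via their own size fields before the strings are read.
    Raises ValueError for anything that is not a well-formed shell link.
    """
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        out = {"flags": flags, "show_command": struct.unpack_from("<I", data, 60)[0]}
        pos = LNK_HEADER_SIZE
        if flags & HAS_LINK_TARGET_ID_LIST:
            pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize excludes itself
        if flags & HAS_LINK_INFO:
            pos += struct.unpack_from("<I", data, pos)[0]      # LinkInfoSize includes itself
        for bit, name in STRING_DATA_FIELDS:
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]     # CountCharacters, no terminator
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            pos += count * width
            out[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return out


def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed minimal .lnk: Unicode StringData only, no IDList or LinkInfo.
    ShowCommand 7 (SW_SHOWMINNOACTIVE) starts the target minimized."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0)

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments) + b"\x00" * 4


def triage_zip(zip_bytes: bytes, prefix: str = "") -> list:
    """Walk a ZIP attachment and return (member, kind, detail) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, blob = prefix + info.filename, zf.read(info)
            if name.lower().endswith(".lnk") or blob[:20] == b"\x4c\x00\x00\x00" + LNK_CLSID:
                try:
                    lnk = parse_lnk(blob)
                except ValueError as exc:
                    findings.append((name, "lnk-unparsable", str(exc)))
                    continue
                launch = " ".join(s for s in (lnk.get("relative_path"), lnk.get("arguments")) if s)
                findings.append((name, "lnk", f"{launch} (ShowCommand={lnk['show_command']})"))
            elif blob[:8] == OLE_MAGIC:
                # Binary Office formats need an OLE parser (e.g. oletools) to confirm a VBA storage.
                findings.append((name, "ole-compound-file", "inspect for VBA storage"))
            elif zipfile.is_zipfile(io.BytesIO(blob)):
                with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                    members = inner.namelist()
                if any(m.lower().endswith("vbaproject.bin") for m in members):
                    findings.append((name, "ooxml-with-vba", "vbaProject.bin present"))
                elif name.lower().endswith(".zip"):
                    findings.extend(triage_zip(blob, prefix=name + "/"))
            elif name.lower().endswith(".iso") or blob[0x8001:0x8006] == b"CD001":
                findings.append((name, "iso-image", "extract and triage the contents"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment: a double-extension LNK, a .docm with a
    placeholder vbaProject.bin, and one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.lnk", build_sample_lnk(
            "..\\..\\Windows\\System32\\cmd.exe", "/c echo constructed-sample"))
        doc = io.BytesIO()
        with zipfile.ZipFile(doc, "w") as d:
            d.writestr("[Content_Types].xml", "<Types/>")
            d.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not a real VBA project
        zf.writestr("Order.docm", doc.getvalue())
        zf.writestr("readme.txt", "nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for member, kind, detail in triage_zip(build_sample_zip()):
        print(f"{kind:18} {member}: {detail}")
```

The LNK branch sniffs the header rather than trusting the extension, so a shortcut renamed to look like a document is still parsed; a real triage pass would also check the Zone.Identifier alternate data stream on the archive and recurse into ISO contents, which this script only flags.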
#Malware_analysis
1. GuLoader Malware Uses Advanced Anti-Analysis Techniques to Evade Detection
https://gbhackers.com/guloader-malware-advanced-anti-analysis
2. CatB Ransomware
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection
#Infographics
#Malware_analysis
Ransomware & Data Extortion Landscape in 2022
https://app.tidalcyber.com
#Malware_analysis
1. Dimorf - ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OSs
https://github.com/Ort0x36/Dimorf
2. TTPs: Rust vs C++
A comparative analysis of C++ and Rust implant binaries
https://steve-s.gitbook.io/0xtriboulet/ttps/ttps-rust-vs-c++
#Malware_analysis
1. The Mac Malware of 2022
https://objective-see.org/blog/blog_0x71.html
2. New version of Raspberry Robin
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
A comprehensive analysis of the year's new malware
#tools
#Malware_analysis
VBScript & VBA source-to-source deobfuscator with partial-evaluation
https://github.com/airbus-cert/vbSparkle
#Malware_analysis
1. Unpacking RedLine Stealer
https://dr4k0nia.github.io/posts/Unpacking-RedLine-Stealer
2. String Obfuscation The Malware Way
https://dr4k0nia.github.io/posts/String-Obfuscation-The-Malware-Way
In this post, we are going to take a look at Redline Stealer, a well-known .NET based credential stealer. I will focus on unpacking the managed payload and extracting its config; for a more detailed analysis of the payload you can check out this post by…
Forwarded from Deadly malware xp
#Malware_analysis
1. Unveiling of a large resilient infrastructure distributing Raccoon and Vidar information stealers
https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers
2. Pupy RAT hiding under WerFault’s cover
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover
The methods used to distribute infostealers vary, ranging from malspam to fake installers. Discover their infection chains.
#Malware_analysis
Unraveling the techniques of Mac ransomware
https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware
#Malware_analysis
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi