#Malware_analysis
1. Dimorf - ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS's
https://github.com/Ort0x36/Dimorf
2. TTPs: Rust vs C++
A comparative analysis of C++ and Rust implant binaries
https://steve-s.gitbook.io/0xtriboulet/ttps/ttps-rust-vs-c++
#Malware_analysis
1. The Mac Malware of 2022
https://objective-see.org/blog/blog_0x71.html
2. New version of Raspberry Robin
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
#tools
#Malware_analysis
VBScript & VBA source-to-source deobfuscator with partial-evaluation
https://github.com/airbus-cert/vbSparkle
#Malware_analysis
1. Unpacking RedLine Stealer
https://dr4k0nia.github.io/posts/Unpacking-RedLine-Stealer
2. String Obfuscation The Malware Way
https://dr4k0nia.github.io/posts/String-Obfuscation-The-Malware-Way
Forwarded from Deadly malware xp
#Malware_analysis
1. Unveiling of a large resilient infrastructure distributing Raccoon and Vidar information stealers
https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers
2. Pupy RAT hiding under WerFault’s cover
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover
Forwarded from Deadly malware xp
#Malware_analysis
Unraveling the techniques of Mac ransomware
https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware
Forwarded from Deadly malware xp
#Malware_analysis
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
#tools
#Malware_analysis
SEMA - ToolChain using Symbolic Execution for Malware Analysis
https://github.com/csvl/SEMA-ToolChain
#tools
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
#Malware_analysis
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
Antivirus_Event_Analysis_1.11.pdf
56.8 KB
#Infographics
#Malware_analysis
Antivirus Event Analysis Cheat Sheet, ver. 1.11.0.
]-> https://www.nextron-systems.com/2023/01/13/antivirus-event-analysis-cheat-sheet-v1-11-0
Vjw0rm.pdf
5 MB
#Malware_analysis
How to Analyze JavaScript Malware - A Case Study of Vjw0rm
#Malware_analysis
Analysis of CVE-2022-42475 - FortiOS - heap-based buffer overflow in SSLVPNd
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
#Malware_analysis
1. Analyzing Rhadamanthys Stealer
https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
2. BianLian Ransomware (Decrypted)
https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware
Forwarded from Deadly malware xp
#Malware_analysis
StrongPity espionage campaign
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users
#Threat_Research
#Malware_analysis
1. Way Into Creating a Polymorphic Malware using ChatGPT
https://www.cyberark.com/resources/threat-research-blog/chatting-our-way-into-creating-a-polymorphic-malware
2. Batloader Malware
https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
#Malware_analysis
1. Analyzing Malicious OneNote Documents
https://blog.didierstevens.com/2023/01/22/analyzing-malicious-onenote-documents
2. Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464
#Malware_analysis
Detecting malicious artifacts using an ETW consumer in kernel mode
https://www.countercraftsec.com/blog/detecting-malicious-artifacts-using-an-etw-consumer-in-kernel-mode
LODEINFO.pdf
14.9 MB
#Malware_analysis
"Fighting to LODEINFO: Investigation for Continuous Cyberespionage Based on Open Source", 2023.
]-> LODEINFO Triage Tools:
https://github.com/nflabs/aa_tools/tree/main/lodeinfo