Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
A buggy behavior located into CreateFile allows to hide malware from users and AV scanners. Microsoft will not fix it:
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus

ℹ️ Sent from one of our members

πŸŽ–@malwr
[PDF ThaiCERT publishes "Threat Group Cards: A Threat Actor Encyclopedia" version 2.0 - Added 115 threat groups and many other updates - portal coming soon](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf?dl=0)
πŸ—£digicat


πŸŽ–@malwr
Microsoft launches free Memory Forensics and Rootkit Detection service for Linux systems
πŸ—£dreamygeek

Perhaps read the official blog post before you all get your pitch forks out over the free service thats intended to make hard to find, in memory malware incredibly expensive to keep using for attackers without risk of exposure.

"Project Freta was designed and built with survivor bias at its core."

God forbid microsoft and their academic researchers do a good thing here and get any credit.

Yeesh πŸ™„

https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
πŸ‘€jdwashere

Soooo... Volatility in the cloud?
πŸ‘€YXZs

mmm... a rootkit that detects rootkits
πŸ‘€skyl4nk


πŸŽ–@malwr
ThiefQuest Ransomware detects VM (possibly)
Set up a Mac VM on VMWare, tried running the ThiefQuest Ransomware. On the Activity Monitor, I Force Quit vmware-tools-daemon, hoping it won't detect it as a VM. But I guess I'm wrong. It's either the samples I've gotten are wrong, or the malware detects a VM.

https://preview.redd.it/qjsk2yyu0h951.png?width=1910&format=png&auto=webp&s=e5d5186bee11b35fdc5eaa1d7c06d577c4a3da32
πŸ—£LMJR500Army

It can still detect that it's in a VM even without the vmware-tools-daemon running. Common methods in this VMware kb article.

There are plenty of other anti-forensic methods for detecting a VM as well. Sometimes you need to be as tricky as the creators to get the malware to actually run when you are trying to examine it.
πŸ‘€TheDarthSnarf


πŸŽ–@malwr
Digital forensics specialist's bookshelf: Top 11 books on digital forensics, incident response, and malware analysis
https://www.group-ib.com/blog/bookshelf

https://preview.redd.it/2bjsvygjyg951.png?width=1023&format=png&auto=webp&s=02c1aac3787d8620c8d8d0709c0c641bc035f27f
πŸ—£Igor_Mikhaylov

Is rootkits and bootkits an updated sequel to practical malware analysis or a specialized deep dive?
πŸ‘€QuietForensics

I would add Applied Incident Response
https://www.amazon.com/Applied-Incident-Response-Steve-Anson/dp/1119560268
πŸ‘€sidi7

I don’t think #2 is with 508 anymore
πŸ‘€bigt252002


πŸŽ–@malwr