New video drop! In this video, we'll explore more #yara basics by looking into #ascii versus #wide char strings. We'll also talk string obfuscation and use the #xor modifier.

https://youtu.be/J9Qr8Vfe9_s
🗣jstrosch


🎖@malwr

Fortinet's James Slaughter writes about the MyDoom worm (also known as Novarg and Mimail) that was first discovered in 2004, but which continues to operate well beyond expectations, with fresh infections still occurring in the wild. https://www.fortinet.com/blog/threat-research/just-because-its-old-doesnt-mean-you-throw-it-away-including-malware
🗣virusbtn


🎖@malwr

Analysis of BlackLotus UEFI bootkit - Bypasses UEFI Secure Boot even on fully updated Windows 11 systems (It brings legit yet vulnerable binaries to the victim system to exploit CVE-2022-21894 & bypass UEFI Secure Boot) : https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ credits @smolar_m
🗣binitamshah


🎖@malwr

Trend Micro's Daniel Lunghi (@thehellu) details the update that Iron Tiger made to the custom malware family SysUpdate in its latest campaign. The custom malware now includes new features and has added malware infection support for the Linux platform. https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
🗣virusbtn


🎖@malwr

We decide to release something basic & quite simple:

A small tale on Anti-RE: Part 1

https://rixed-labs.medium.com/a-small-tale-on-anti-re-part-1-17a2cf199cf1

Have a good day ahead 🎉
🗣RixedLabs


🎖@malwr

cisagov/decider: A web application that assists network defenders, analysts, and researcher in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
🗣jnazario

I guess I'm trying to understand the place of this tool. Is this the idea if you don't have an existing TIP feeding you intelligence to source and map things on your own?
👤asecuredlife

Can someone point me to the benefits of mapping adversary behaviours in the scope of an incident ? I always feel like I do this for higher management, rarely for myself in the scope of forensics/incident analysis. What do I miss?
👤bromomotatata


🎖@malwr

Malware Families CheatSheet https://marcoramilli.com/2023/03/02/malware-families-cheatsheet/ por @Marco_Ramilli #malwarefamilies
🗣Seifreed


🎖@malwr

Trend Micro researchers analyse a recent malspam campaign distributing the RedLine stealer and targeting the hospitality industry. https://www.trendmicro.com/en_us/research/23/c/managed-xdr-exposes-spear-phishing-campaign-targeting-hospitalit.html
🗣virusbtn


🎖@malwr

Malware development: Persistence:

Part 1: Registry run keys. C++ example: https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html
2: https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html
3: https://cocomelonc.github.io/tutorial/2022/05/02/malware-pers-3.html
4: https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html
5: https://cocomelonc.github.io/tutorial/2022/05/16/malware-pers-5.html
6: https://cocomelonc.github.io/tutorial/2022/05/29/malware-pers-6.html
7 https://cocomelonc.github.io/tutorial/2022/06/12/malware-pers-7.html cr @cocomelonckz
🗣binitamshah


🎖@malwr

ESET researchers analysed a recent Mustang Panda backdoor which is part of an ongoing campaign. MQsTTang (Kumquat) uses the MQTT protocol for C&C communication, one of the benefits of which is that it hides the rest of the infrastructure behind a broker. https://www.welivesecurity.com/2023/03/02/mqsttang-mustang-panda-latest-backdoor-treads-new-ground-qt-mqtt/
🗣virusbtn


🎖@malwr