Malware News
12.7K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malware, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Introduction to offensive security (guide by @0xTriboulet)

https://steve-s.gitbook.io/0xtriboulet/

#offensivesecurity
🗣0xor0ne


🎖@malwr
👍2
Here is an ETW-based POC to monitor for (some) direct and indirect syscalls. Should find multiple open source implementations trying to avoid userland hooks.

https://github.com/thefLink/Hunt-Weird-Syscalls
🗣thefLinkk


🎖@malwr
👍1
Hey, FIRSTies! After much dedicated work, the #EthicsSIG has published their #CaseStudies to the FIRST website! Check out the encompassing document here: http://ow.ly/rG2S50NNbJt
🗣FIRSTdotOrg


🎖@malwr
c2detect: Search for c2 servers by listener outside https://github.com/michael2to3/c2-search-netlas
🗣_r_netsec


🎖@malwr
dnstop – Monitor and display DNS server traffic on your network https://www.cyberciti.biz/faq/dnstop-monitor-bind-dns-server-dns-network-traffic-from-a-shell-prompt/ #Linux #Unix #FreeBSD
🗣nixcraft


🎖@malwr
EclecticIQ researchers have identified a spear phishing campaign targeting Ukrainian government entities including the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU), likely conducted by APT group Gamaredon. https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
🗣virusbtn


🎖@malwr
VirusTotal's trompi summarises the latest activity of the APT43 group based on the telemetry of its malware toolset, including geographical distribution, lookups, submissions, file types, detection ratios & efficacy of crowd-sourced YARA rules. https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html
🗣virusbtn


🎖@malwr
I have finished my write-up on reversing the Cobalt Strike implementations of indirect syscalls. With thanks to @0xDISREL for suggesting I look at it and supplying a beacon and to @DuchyRE for tips about unpacking and structures.

https://github.com/dodo-sec/Malware-Analysis/blob/main/Cobalt%20Strike/Indirect%20Syscalls.md
🗣dodo_sec


🎖@malwr