Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection
digicat
@malwr
GitHub
VectorKernel/InjectLibrary/InjectLibraryDrv at fc58acf4313f4fb73fd0af552a4bfa0832e1501e · daem0nc0re/VectorKernel
PoCs for Kernelmode rootkit techniques research.
ARM64 Reversing And Exploitation – Part 10 – Intro to Arm Memory Tagging Extension (MTE)
https://8ksec.io/arm64-reversing-and-exploitation-part-10-intro-to-arm-memory-tagging-extension-mte/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-10-intro-to-arm-memory-tagging-extension-mte
@malwr
8kSec
Hey all! In this blog, we will give a brief introduction to a relatively new security feature called MTE (Memory Tagging Extension). Even though it was announced years ago, there was no implementation of this. But recently, the Google Pixel 8 devices have…
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
@malwr
Trend Micro
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.
https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
@malwr
Cisco Talos Blog
Mustang Panda's PlugX new variant targeting Taiwanese government and diplomats
The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time,...
https://lab52.io/blog/mustang-pandas-plugx-new-variant-targetting-taiwanese-government-and-diplomats/
@malwr
lab52.io
NCC Group's 2022 & 2023 Research Report
https://research.nccgroup.com/2023/12/11/ncc-groups-2022-2023-research-report/
@malwr
NCC Group Research Blog
Over the past two years, our global cybersecurity research has been characterized by unparalleled depth, diversity, and dedication to safeguarding the digital realm. The highlights of our work not …
2023-12-12 - Brazil malspam leads to Astaroth (Guildma) infection
https://www.malware-traffic-analysis.net/2023/12/11/index.html
@malwr
A pernicious potpourri of Python packages in PyPI
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
@malwr
Welivesecurity
Technical Advisory – Multiple Vulnerabilities in Nagios XI
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
@malwr
NCC Group Research Blog
Introduction This is the second Technical Advisory post in a series wherein I audit the security of popular Remote Monitoring and Management (RMM) tools. (First: Multiple Vulnerabilities in Faronic…
Malvertisers zoom in on cryptocurrencies and initial access
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
@malwr
Malwarebytes
Threat actors are increasingly placing malicious ads for Zoom within Google searches.
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
@malwr
Trend Micro
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
https://research.nccgroup.com/2023/12/14/wip-reverse-reveal-recover-windows-defender-quarantine-forensics/
@malwr
NCC Group Research Blog
Max Groot and Erik Schamper. TL;DR: Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine…
Rhadamanthys v0.5.0 – a deep dive into the stealer's components
https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
@malwr
Aggressive Malign Influence Threatens to Shape US 2024 Elections
Russia, China, Iran, domestic violent extremists (DVEs), and hacktivist groups will very likely conduct influence operations at varying levels of magnitude and sophistication to shape or disrupt the United States (US) 2024 elections in pursuit of strategic geopolitical goals.
https://www.recordedfuture.com/aggressive-malign-influence-threatens-us-2024-elections
@malwr
Recorded Future
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-6-xenomorph
@malwr
8kSec
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we
OilRig's persistent attacks using cloud service-powered downloaders
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
@malwr
Welivesecurity
2023-12-13 - Two AgentTesla infections (one FTP and one SMTP)
https://www.malware-traffic-analysis.net/2023/12/13/index.html
@malwr
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
@malwr
Trend Micro
PikaBot distributed via malicious search ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
@malwr
ThreatDown by Malwarebytes
PikaBot, a stealthy malware normally distributed via malspam, is now being spread via malicious ads.
2023-12-15 - TA577 Pikabot infection
https://www.malware-traffic-analysis.net/2023/12/15/index.html
@malwr