Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign
EclecticIQ analysts identified a threat actor that utilized the information stealer HackBrowserData to target Indian government entities and the energy sector.
https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign
Analysis of DinodasRAT Linux implant | Securelist
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
https://securelist.com/dinodasrat-linux-implant/112284/
Introducing SharpConflux - LRQA Nettitude Labs
SharpConflux, a .NET application built to facilitate Confluence exploitation during Red Team and Penetration Testing engagements.
https://labs.nettitude.com/blog/introducing-sharpconflux/
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and documentation relating…
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
Malware Development Essentials Part 1 | by Smukx | Mar, 2024 | Medium
For malware development and security professionals, understanding the inner workings of Windows is crucial. Windows internals, the hidden world beneath the user interface, can harbor vulnerabilities…
https://smukx.medium.com/malware-development-essentials-part-1-5f4626652ed9
Go from beginner to intermediate in the maldev field. This covers fundamentals, core concepts, functions, OS internals and more…
Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
https://github.com/Cracked5pider/LdrLibraryEx
Windows Memory Forensics
How to hunt for anomalies in a Windows Memory Dump
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump
VMware ESXi Forensic with Velociraptor
Introduction During our investigations, we have come across more and more VMware ESXi hypervisors.
https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor.html
New DinodasRAT Used as Linux Implants Worldwide: First Known Variant Still remains a Mystery
DinodasRAT is a C++ backdoor that was initially used to attack government organizations in Guyana. A new Linux variant targeting Red Hat and Ubuntu Linux has been discovered. The malware establishes persistence using Systemd and SystemV, communicates with C2 servers via TCP or UDP, and uses encryption. Its infrastructure has been linked to specific IP addresses and domains, affecting several countries.
https://hackhunting.com/2024/03/29/new-dinodasrat-used-as-linux-implants-worldwide-first-known-variant-still-remains-a-mystery/
Geeoon/DNS-Tunnel-Keylogger: Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
https://github.com/Geeoon/DNS-Tunnel-Keylogger
New Malicious PyPI Packages used by Lazarus
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository...
https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows: pycryptoenv, pycryptoconf, quasarlib, swapmempool. The package…
Quick Forensics Analysis of Apache logs - SANS Internet Storm Center
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
https://isc.sans.edu/diary/30792
In-the-Wild Windows LPE 0-days: Insights & Detection Strategies - Elastic Security Labs
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
Android Malware Vultur Expands Its Wingspan - Fox-IT International blog
Authored by Joshua Kamp. Executive summary: The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are…
https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
[Nullcon Berlin 2024] The complexity of reversing Flutter applications
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
https://filestore.fortinet.com/fortiguard/research/nullcon.pdf