Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 6
103 résultats taggé analysis  ✕
Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad --> FakeBat Loader --> Redline Stealer & Gozi/ISFB/Ursnif https://www.malware-traffic-analysis.net/2023/02/03/index.html
05/02/2023 10:46:32
QRCode
archive.org

NOTES:

Zip files are password-protected. If you don't know the password, see the "about" page of this website.
IOCs are listed on this page below all of the images.

malware-traffic-analysis EN 2023 analysis googleads DEV-0569 CPU-Z IoCs
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/?hss_channel=tw-1141929006603866117
31/01/2023 23:02:11
QRCode
archive.org
thumbnail

Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide,

cyble EN 2023 analysis InTheBox Android Banking injection
Chinese PlugX Malware Hidden in Your USB Devices? https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
29/01/2023 01:19:50
QRCode
archive.org
thumbnail

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

unit42 EN 2023 PlugX analysis
The Titan Stealer: Notorious Telegram Malware Campaign https://www.uptycs.com/blog/titan-stealer-telegram-malware-campaign
25/01/2023 20:37:26
QRCode
archive.org
thumbnail

The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.

uptycs EN 2023 Titan Stealer Campaign analysis IoCs
Following the LNK metadata trail https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
24/01/2023 08:40:57
QRCode
archive.org
thumbnail

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

talosintelligence EN 2023 LNK analysis metadata
Darth Vidar: The Dark Side of Evolving Threat Infrastructure https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure
23/01/2023 13:04:53
QRCode
archive.org
thumbnail

Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks

team-cymru EN 2023 Vidar infostealer analysis threat infrastructure VPN
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
19/01/2023 20:11:10
QRCode
archive.org
thumbnail

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).

trendmicro EN 2023 Malware Batloader analysis
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
04/01/2023 18:06:41
QRCode
archive.org
thumbnail

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.

minerva-labs EN 2022 CatB analysis DLL Hijacking Ransomware
Shc Linux Malware Installing CoinMiner https://asec.ahnlab.com/en/45182/
04/01/2023 12:14:36
QRCode
archive.org
thumbnail

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

asec 2023 EN Shell Script Compiler analysis Linux Malware CoinMiner Shc
The Mac Malware of 2022 👾 https://objective-see.org/blog/blog_0x71.html
02/01/2023 19:48:36
QRCode
archive.org
thumbnail

A comprehensive analysis of the year's new malware

objective-see 2022 EN malware macos analysis
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information https://blog.cyble.com/2022/12/23/new-youtube-bots-malware-spotted-stealing-users-sensitive-information/
30/12/2022 11:55:50
QRCode
archive.org
thumbnail

New YouTube Bot Malware Spotted Stealing User’s Sensitive Information

Cyble EN 2022 Malware Bot YouTube stealer analysis
Pure coder offers multiple malware for sale in Darkweb forums https://blog.cyble.com/2022/12/27/pure-coder-offers-multiple-malware-for-sale-in-darkweb-forums/
30/12/2022 11:54:35
QRCode
archive.org
thumbnail

Italians Users Targeted By PureLogs Stealer Through Spam Campaigns

Cyble EN 2022 Pure malware Darkweb PureLogs analysis
New RisePro Stealer distributed by the prominent PrivateLoader https://blog.sekoia.io/new-risepro-stealer-distributed-by-the-prominent-privateloader/
28/12/2022 11:36:48
QRCode
archive.org
thumbnail

PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.

sekoia EN 2022 PrivateLoader malware stealer RisePro analysis
ProxyNotRelay - An Exchange Vulnerability Encore https://rw.md/2022/11/09/ProxyNotRelay.html
28/12/2022 02:55:31
QRCode
archive.org

In this blog post we will dive into the latest Microsoft Exchange 0-day vulnerability, dubbed #ProxyNotShell, how it relates to other Exchange vulnerabilities and finally demonstrate how ProxyRelay can combined with ProxyNotShell, even with Extended Protection and IIS rewrite rules enabled.

rw.md EN 2022 ProxyNotRelay ProxyNotShell analysis CVE-2022–41082 CVE-2022–41040
Shlayer Malware: Continued Use of Flash Updates https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/
28/12/2022 02:49:09
QRCode
archive.org
thumbnail

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

crowdstrike EN 2021 Flash Player macOS Shlayer malvertising analysis IoCs
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files https://objective-see.org/blog/blog_0x70.html
28/12/2022 02:46:15
QRCode
archive.org
thumbnail

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

objective-see 2022 EN Shlayer macos malware IoCs analysis
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins/
26/12/2022 23:07:12
QRCode
archive.org
thumbnail

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

talosintelligence EN 2022 Excel XLLing malicious add-ins XLL malicious analysis
Raspberry Robin Malware Targets Telecom, Governments https://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governments.html
26/12/2022 23:06:07
QRCode
archive.org
thumbnail

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.

trendmicro EN 2022 malware apt endpoints RaspberryRobin obfuscation analysis
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
26/12/2022 23:03:12
QRCode
archive.org
thumbnail

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

sentinelone EN 2022 ransomware PolyVice ViceSociety analysis
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
23/12/2022 22:35:26
QRCode
archive.org
thumbnail

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

cluster25 EN 2022 infostealer Italy phishing Campaigns analysis Alibaba2044 IoCs
page 1 / 6
1033 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio