by geoffreyvdb
Mon Aug 29, 2016 9:18 am
Forum: Newbie Questions
Topic: Code golfing to trigger false positives?
Replies: 4
Views: 6794

Re: Code golfing to trigger false positives?

drop the EICAR string in there :D
by geoffreyvdb
Fri Aug 19, 2016 2:12 pm
Forum: User-Mode Development
Topic: WMI persistence in C++
Replies: 0
Views: 17645

WMI persistence in C++

Hi, I was fiddling around with WMI to see how it all works and I'm having problems achieving WMI persistence in C++. What I'm trying to do is get calc.exe to launch every time the system has booted up. I've found a good explanation about what is needed to achieve this on slide 27 here: https://files...
by geoffreyvdb
Fri Aug 12, 2016 7:37 pm
Forum: Completed Malware Requests
Topic: Dridex/Locky downloader/dropper
Replies: 1
Views: 2754

Dridex/Locky downloader/dropper

Hi, I'm looking for the following docm: ... /analysis/

by geoffreyvdb
Thu Aug 11, 2016 9:57 pm
Forum: Malware
Topic: Java/Jacksbot
Replies: 1
Views: 2442

Re: Malware collection

Jacksbot multiplatform Java backdoor by redpois0n from hackforums (lol) ... iscovered/
by geoffreyvdb
Tue Aug 09, 2016 3:25 pm
Forum: Malware
Topic: Backdoor.Remsec
Replies: 2
Views: 4300


New APT discovered by Kaspersky.

Features:

Unique footprint: Core implants that have different file names and sizes and are individually built for each target – making it very difficult to detect since the same basic indicators of compromise would have little value for any other target.

Running in me...
by geoffreyvdb
Wed Jun 01, 2016 8:38 am
Forum: General Discussion
Topic: Bromium malware challenge
Replies: 0
Views: 6498

Bromium malware challenge

If you can bypass Bromium endpoint security, you will get £10K, which is around 14470 dollars. Does anybody have any experience with the sandboxing technique that they use? They claim to be using CPU-enforced isolation. The target computers would run unpatched v...
by geoffreyvdb
Tue May 31, 2016 10:53 pm
Forum: Malware
Topic: Win32/Kovter
Replies: 39
Views: 51745

Re: Kovter

Kovter is polymorphic; this could be the reason why you can't find the sample by hash. Attached is the dropper, I think; didn't look at it yet, but that's what it looks like from this HA report:
by geoffreyvdb
Wed May 11, 2016 6:55 pm
Forum: Completed Malware Requests
Replies: 1
Views: 3686


Looking for sample of this malware, more info in following blog post: ... cards.html

Finding samples for these might be hard as they were used in spear phishing campaigns; also, no hashes seem to have been shared.
by geoffreyvdb
Tue May 10, 2016 11:52 am
Forum: Malware
Topic: Android Malware(All Android malware goes here)
Replies: 104
Views: 181518

Re: Android Malware(All Android malware goes here)

Viking Horde botnet. 5 of the APKs in attach. Most popular one has 50k - 100k downloads (analysis failed).
by geoffreyvdb
Mon May 02, 2016 5:30 pm
Forum: Malware
Topic: Backdoor Andromeda (waahoo, alias Gamarue)
Replies: 129
Views: 190946

Re: Backdoor Andromeda (waahoo, alias Gamarue)

forgot sample