Search found 224 matches

by R136a1
Thu Sep 17, 2015 12:54 pm
Forum: Malware
Topic: Win32/Kovter
Replies: 39
Views: 51767

Re: Win32/Kovter

by R136a1
Fri Sep 11, 2015 8:14 pm
Forum: Malware
Topic: Suceful (ATM malware)
Replies: 0
Views: 4081

Suceful (ATM malware)

Hi folks, today FireEye released an article about a new ATM malware: https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html FireEye Labs discovered a new piece of ATM malware ... that we detect as Backdoor.ATM.Suceful (the name comes from a typo made by the malware authors), w...
by R136a1
Tue Sep 08, 2015 12:06 pm
Forum: Malware
Topic: Carbanak
Replies: 9
Views: 24893

Re: Carbanak

More information about the new Carbanak (and yes, also hashes): http://www.welivesecurity.com/2015/09/0 ... -new-guns/
by R136a1
Thu Sep 03, 2015 5:31 pm
Forum: Malware
Topic: Backdoor:Win32/Kawpfuni.A
Replies: 3
Views: 4624

Re: Backdoor:Win32/Kawpfuni.A

Nice find, I didn't pay any attention to the PDB paths. I have also collected some samples of this threat actor in the past:
http://thegoldenmessenger.blogspot.de/2 ... lware.html
by R136a1
Thu Sep 03, 2015 2:39 pm
Forum: Malware
Topic: Backdoor:Win32/Kawpfuni.A
Replies: 3
Views: 4624

Backdoor:Win32/Kawpfuni.A

Hi folks, attached are samples of a malware with alleged purpose to steal sensitive information from South Korea / U.S. military. Abstract of strings: Military military MILITARY weapon Weapon WEAPON battle Battle BATTLE munition missile Missile MISSILE Aircraft Figther Resolve resolve Operation oper...
by R136a1
Thu Sep 03, 2015 2:24 pm
Forum: Malware
Topic: Backdoor.Switrex
Replies: 0
Views: 3114

Backdoor.Switrex

Hi folks, attached are some samples of a .NET malware. Info: http://www.symantec.com/security_response/writeup.jsp?docid=2015-083103-0310-99&tabid=2 No obfuscation, C&C server is only Base64 encoded. One more C&C Server: myapp.no-ip.biz Samples: https://www.virustotal.com/en/file/1d11058076ca6953246...
by R136a1
Tue Aug 25, 2015 12:02 pm
Forum: Malware
Topic: Careto/Mask APT campaign
Replies: 9
Views: 29742

Re: Careto/Mask APT campaign

Hi folks, attached are 4 samples of a malware of the Careto toolset which weren't publicly disclosed yet. The samples were all uploaded from Cuba and one sample has a C&C server pointing to a former Ministry of Foreign Affairs domain. Strings in the .data section are encrypted with an algorithm tha...
by R136a1
Sat Aug 15, 2015 11:01 am
Forum: Malware
Topic: Cheshire Cat | Windows NT dusty malware?
Replies: 7
Views: 6408

Re: Cheshire Cat | Windows NT dusty malware?

No, there is no paper or article by Kaspersky about this threat. I was referring to the signature of the samples.
by R136a1
Mon Aug 10, 2015 4:35 pm
Forum: Malware
Topic: Cheshire Cat | Windows NT dusty malware?
Replies: 7
Views: 6408

Re: Cheshire Cat | Windows NT dusty malware?

List of extracted domain names: www.divextreme-ar.com www.crazy-jump.com www.dive-extreme.com www.tandemskydive-ar.com www.groupdive.com www.skydivelessons.com www.bungee4you-br.com www.brazil-crazybungee.com www.bungeejumping-br.com www.groupbungee-br.com www.divextreme-au.com www.crazyjump-uy.com ...
by R136a1
Mon Jul 20, 2015 9:35 am
Forum: Malware
Topic: Trojan.Dionisduke (alias MiniDionis) - Pentagon attack
Replies: 0
Views: 4092

Trojan.Dionisduke (alias MiniDionis) - Pentagon attack

Hi folks, the following information is based on an online article which describes a spear-phishing attack on the Pentagon: http://www.thedailybeast.com/articles/2015/07/18/russian-hackers-target-the-pentagon.html As you can see, the article is quite entertaining. So, if we believe the provided inform...