Search found 224 matches
- Thu Sep 17, 2015 12:54 pm
- Forum: Malware
- Topic: Win32/Kovter
- Replies: 39
- Views: 51767
Kovter using Poweliks methods:
https://reaqta.com/2015/09/poweliks-fil ... -evolving/
Config:
http://pastebin.com/5C6cjamP
Sample:
https://www.virustotal.com/en/file/673b ... /analysis/
Thanks to Horgh for clarifying
- Fri Sep 11, 2015 8:14 pm
- Forum: Malware
- Topic: Suceful (ATM malware)
- Replies: 0
- Views: 4081
Suceful (ATM malware)
Hi folks, today FireEye released an article about a new ATM malware: https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html FireEye Labs discovered a new piece of ATM malware ... that we detect as Backdoor.ATM.Suceful (the name comes from a typo made by the malware authors), w...
Re: Carbanak
More information about the new Carbanak (and yes, also hashes): http://www.welivesecurity.com/2015/09/0 ... -new-guns/
- Thu Sep 03, 2015 5:31 pm
- Forum: Malware
- Topic: Backdoor:Win32/Kawpfuni.A
- Replies: 3
- Views: 4624
Re: Backdoor:Win32/Kawpfuni.A
Nice find, I didn't pay any attention to the PDB paths. I have also collected some samples of this threat actor in the past:
http://thegoldenmessenger.blogspot.de/2 ... lware.html
http://thegoldenmessenger.blogspot.de/2 ... lware.html
- Thu Sep 03, 2015 2:39 pm
- Forum: Malware
- Topic: Backdoor:Win32/Kawpfuni.A
- Replies: 3
- Views: 4624
Backdoor:Win32/Kawpfuni.A
Hi folks, attached are samples of a malware with alleged purpose to steal sensitive information from South Korea / U.S. military. Abstract of strings: Military military MILITARY weapon Weapon WEAPON battle Battle BATTLE munition missile Missile MISSILE Aircraft Figther Resolve resolve Operation oper...
- Thu Sep 03, 2015 2:24 pm
- Forum: Malware
- Topic: Backdoor.Switrex
- Replies: 0
- Views: 3114
Backdoor.Switrex
Hi folks, attached are some samples of a .NET malware. Info: http://www.symantec.com/security_response/writeup.jsp?docid=2015-083103-0310-99&tabid=2 No obfuscation, C&C server is only Base64 encoded. One more C&C Server: myapp.no-ip.biz Samples: https://www.virustotal.com/en/file/1d11058076ca6953246...
- Tue Aug 25, 2015 12:02 pm
- Forum: Malware
- Topic: Careto/Mask APT campaign
- Replies: 9
- Views: 29742
Re: Careto/Mask APT campaign
Hi folks, attached are 4 samples of a malware of the Careto toolset which weren't publicly disclosed yet. The samples were all uploaded from Cuba and one sample has a C&C server pointing to a former Ministry of Foreign Affairs domain. Strings in the .data section are encrypted with an algorithm tha...
- Sat Aug 15, 2015 11:01 am
- Forum: Malware
- Topic: Cheshire Cat | Windows NT dusty malware?
- Replies: 7
- Views: 6408
Re: Cheshire Cat | Windows NT dusty malware?
No, there is no paper or article by Kaspersky about this threat. I was referring to the signature of the samples.
- Mon Aug 10, 2015 4:35 pm
- Forum: Malware
- Topic: Cheshire Cat | Windows NT dusty malware?
- Replies: 7
- Views: 6408
Re: Cheshire Cat | Windows NT dusty malware?
List of extracted domain names: www.divextreme-ar.com www.crazy-jump.com www.dive-extreme.com www.tandemskydive-ar.com www.groupdive.com www.skydivelessons.com www.bungee4you-br.com www.brazil-crazybungee.com www.bungeejumping-br.com www.groupbungee-br.com www.divextreme-au.com www.crazyjump-uy.com ...
- Mon Jul 20, 2015 9:35 am
- Forum: Malware
- Topic: Trojan.Dionisduke (alias MiniDionis) - Pentagon attack
- Replies: 0
- Views: 4092
Trojan.Dionisduke (alias MiniDionis) - Pentagon attack
Hi folks, the following information is based on an online article which describes a spear-phishing attack on the Pentagon: http://www.thedailybeast.com/articles/2015/07/18/russian-hackers-target-the-pentagon.html As you can see, the article is quite entertaining. So, if we believe the provided inform...