Search found 16 matches

by Bogdan-Mihai
Tue Feb 21, 2017 10:12 am
Forum: General Discussion
Topic: ATM malware
Replies: 0
Views: 5844

ATM malware

So ... I am running some tests with malware on test ATMs. I know some time ago there was a flaw in security solutions like SolidCore from McAfee (it is like the old DeepFreeze for internet cafés' PCs) that helped some ATM malware bypass it. Are you aware of any new attacks of this kind or any malware s...
by Bogdan-Mihai
Wed Feb 08, 2017 11:45 am
Forum: Malware
Topic: Keybase keylogger
Replies: 2
Views: 278

Re: Malware collection

Antelox wrote:
    Bogdan-Mihai wrote:
        A recent keylogger from a malspam. Doc with macro + payload.
    Keybase keylogger

    Post to:
    185.145.128.177/components/chibu/post.php
    BR,
    Antelox

Yup. I should have said that.
by Bogdan-Mihai
Wed Feb 08, 2017 10:54 am
Forum: Malware
Topic: Keybase keylogger
Replies: 2
Views: 278

Keybase keylogger

A recent keylogger from a malspam. Doc with macro + payload.
by Bogdan-Mihai
Tue Dec 06, 2016 10:40 am
Forum: Malware
Topic: Locky ransomware
Replies: 142
Views: 201964

Re: Locky ransomware

New version with .osiris extension.

https://www.bleepingcomputer.com/news/s ... extension/

If I catch one, I'll post it here asap.
by Bogdan-Mihai
Tue Nov 29, 2016 10:46 am
Forum: Malware
Topic: Locky ransomware
Replies: 142
Views: 201964

Re: Locky ransomware

Same as above, ".zzzz" extension, but a Locky Excel macro sample from today's malspam.
VT: https://www.virustotal.com/en/file/af59 ... /analysis/

C&C still up at the time of this post.
by Bogdan-Mihai
Fri Nov 25, 2016 10:21 am
Forum: Malware
Topic: Locky ransomware
Replies: 142
Views: 201964

Re: Locky ransomware

There's a new one in the wild.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as an .hta file; in Facebook Messenger it looks like a picture. People think it is an image, so they double-click it.
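The delivery trick described in the post above, an HTA script passed off as an image, can be caught by comparing what the file name claims with what the bytes actually are. The following is an added example (not code from the original post or from any project): it sniffs image magic bytes, looks for HTML/HTA markup in the first few kilobytes, and blocks anything with a script extension or with an image extension over markup content. The sample attachments at the bottom are constructed inline for the demonstration.

```python
"""Flag attachments whose name says "image" but whose content is HTA/HTML.

Added example, not part of the original forum post. The file names and
byte strings below are constructed test inputs, not real samples.
"""
import os
import re

# Magic bytes of the image formats a chat client would render inline.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Windows Script Host / HTML Application extensions that run on double-click.
SCRIPT_EXTS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

# Any of these tags near the start of a file means mshta.exe/browser content,
# whatever the extension says.
MARKUP_RE = re.compile(rb"<\s*(!doctype|html|script|hta:application)\b",
                       re.IGNORECASE)

# Only the head of the file is needed to decide; keeps large files cheap.
SNIFF_LEN = 4096


def sniff_content(data: bytes) -> str:
    """Return 'jpeg'/'png'/'gif' for real images, 'html' for markup, else 'unknown'."""
    head = data[:SNIFF_LEN]
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    if MARKUP_RE.search(head):
        return "html"
    return "unknown"


def inspect(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed content.

    verdict is 'block' for script extensions (photo.jpg.hta ends in .hta) and
    for image extensions sitting on top of markup, 'allow' when an image
    extension is backed by image magic bytes, and 'review' otherwise.
    """
    # splitext keeps only the LAST extension, so double extensions are caught.
    ext = os.path.splitext(filename.strip().lower())[1]
    content = sniff_content(data)

    if ext in SCRIPT_EXTS:
        verdict = "block"
    elif ext in IMAGE_EXTS and content == "html":
        verdict = "block"
    elif ext in IMAGE_EXTS and content in ("jpeg", "png", "gif"):
        verdict = "allow"
    else:
        verdict = "review"
    return {"ext": ext, "content": content, "verdict": verdict}


# Constructed sample attachments (not real malware):
SAMPLES = [
    ("IMG_2016.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 32),
    ("IMG_2016.jpg.hta", b"<HTML><SCRIPT language=vbscript>'...</SCRIPT>"),
    ("photo.png", b"<!DOCTYPE html><html><script>x()</script></html>"),
    ("notes.txt", b"plain text, nothing to see"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, inspect(name, blob))
```

The `.hta` verdict is unconditional: there is no legitimate reason for a chat attachment to be an HTML Application, so extension alone is enough there, and the content check exists for the case where the script is renamed to `.jpg` and later executed through another path.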
by Bogdan-Mihai
Wed Nov 09, 2016 9:29 am
Forum: Malware
Topic: HIDEDRV sample
Replies: 7
Views: 13648

Re: HIDEDRV sample

MindfreaK wrote:
    Interesting paper. Does somebody know when the binary was found?
    Or can somebody provide a VT link?
    Does somebody know where the name Sednit comes from?

https://virustotal.com/en/file/4bfe2216 ... /analysis/
by Bogdan-Mihai
Fri Nov 04, 2016 8:00 am
Forum: General Discussion
Topic: Hello!
Replies: 3
Views: 28143

Re: Hello!

Welcome! :)
by Bogdan-Mihai
Mon Oct 24, 2016 8:25 am
Forum: Malware
Topic: Point-of-Sale malwares / RAM scrapers
Replies: 244
Views: 861605

Re: Point-of-Sale malwares / RAM scrapers

ProjectHook RAM scraper seems to be alive (thx to xylitol). I could not find any malware sample, but attached is the source code of the new panel http://i.imgur.com/aeWmlAc.png . New gate rxcx.php: <?php //$email = "XXXX@XXXX.XXX"; $email = "XXXX@XXXX.XX"; $headers  = "MIME-Version: 1.0\r\n"; $headers .= "C...