A forum for reverse engineering, OS internals and malware analysis 

Search found 63 matches


Re: APT malware

 by frame4-mdpro ¦  Thu Aug 16, 2018 2:18 am ¦  Forum: Completed Malware Requests ¦  Topic: APT malware ¦  Replies: 1 ¦  Views: 1645

Looking for some samples related to BigBang APT attack. These samples are detected by thor apt scanner. ref: www.virustotal.com/#/search/bigbang https://research.checkpoint.com/apt-attack-middle-east-big-bang/ IOCs: 15dc986ac62802299e191265d7988bcc a233d90b8e5c19c4b3373bb76eb11428 ffa28663971137e0d2...

Re: ChessMaster

 by frame4-mdpro ¦  Tue Nov 28, 2017 6:49 pm ¦  Forum: Completed Malware Requests ¦  Topic: ChessMaster ¦  Replies: 2 ¦  Views: 5818

Xylitol wrote: Not the sample asked (BKDR_ANEL.ZKEI) but of interest:...
Thanks a lot!

ChessMaster

 by frame4-mdpro ¦  Tue Nov 21, 2017 5:18 pm ¦  Forum: Completed Malware Requests ¦  Topic: ChessMaster ¦  Replies: 2 ¦  Views: 5818

Hi,

I am looking for: af1b2cd8580650d826f48ad824deef3749a7db6fde1c7e1dc115c6b0a7dfa0dd

From this article: hxxps://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/

Be great if someone has it and can forward a copy.

Thanks!

Re: Cybellum - another pseudo security company from Israel

 by frame4-mdpro ¦  Thu Mar 23, 2017 5:00 am ¦  Forum: General Discussion ¦  Topic: Cybellum - another pseudo security company from Israel ¦  Replies: 9 ¦  Views: 22561

Heh, agreed -- all valid observations :) I saw that Alex Ionescu was indicating on Twitter that they ripped off his research from 2015: hxxps://twitter.com/aionescu/status/844585650238107648 Video here: hxxps://youtu.be/pHyWyH804xE And his research/slides are here: hxxps://github.com/ionescu007/Hook...

Re: Where to acquire new malware samples?

 by frame4-mdpro ¦  Fri Feb 03, 2017 5:44 am ¦  Forum: Newbie Questions ¦  Topic: Where to acquire new malware samples? ¦  Replies: 4 ¦  Views: 15351

Bit late to the party, but I've just come across this https://vxintel.github.io -- seems to be a paid resource though.

Re: Source of Malware

 by frame4-mdpro ¦  Fri Feb 03, 2017 5:42 am ¦  Forum: Malware ¦  Topic: Source of Malware ¦  Replies: 141 ¦  Views: 223755

Re: Equation Auction

 by frame4-mdpro ¦  Thu Aug 18, 2016 5:18 pm ¦  Forum: Malware ¦  Topic: Equation Auction ¦  Replies: 5 ¦  Views: 6279

tizanidine wrote: Let us remember, though, that ugly code doesn't devalue a working exploit itself. If they indeed are working exploits, that is....
Cisco and Fortinet have confirmed these indeed work for (some of) their product lines.

Getting a PlugX Builder

 by frame4-mdpro ¦  Mon Jun 27, 2016 4:21 pm ¦  Forum: Completed Malware Requests ¦  Topic: Getting a PlugX Builder ¦  Replies: 2 ¦  Views: 3963

Hi,

As per this article:
hxxp://blog.airbuscybersecurity.com/post/2016/06/Getting-a-PlugX-builder

Can anyone share a recent PlugX builder, or post some hashes?

Thanks.

Edit: @Team, could you please move post to "Malware Requests" - thanks.

Re: Chinese Sample/Information Request

 by frame4-mdpro ¦  Fri Apr 22, 2016 1:40 pm ¦  Forum: Completed Malware Requests ¦  Topic: Chinese Sample/Information Request ¦  Replies: 3 ¦  Views: 3986

Thanks all - this post can be moved to closed posts section.

Chinese Sample/Information Request

 by frame4-mdpro ¦  Fri Apr 15, 2016 12:08 am ¦  Forum: Completed Malware Requests ¦  Topic: Chinese Sample/Information Request ¦  Replies: 3 ¦  Views: 3986

I am looking for information and samples on the following; article is in Chinese:

http://www.freebuf.com/articles/system/101447.html

There are no hashes as far as I can see.
Any information is appreciated.
Thanks in advance.
