A forum for reverse engineering, OS internals and malware analysis 

Search found 51 matches


APT32

 by r0ny ¦  Wed Apr 03, 2019 5:52 pm ¦  Forum: Completed Malware Requests ¦  Topic: APT32 ¦  Replies: 1 ¦  Views: 212

OceanLotus Steganography https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html IOCs: ae1b6f50b166024f960ac792697cd688be9288601f423c15abbc755c66b6daa4 0ee693e714be91fd947954daee85d2cd8d3602e9d8a840d520a2b17f7c80d999 a2719f203c3e8dcdcc714dd3c1b60a4cbb5f...

Re: Looking for presumably NATO supplied APT

 by r0ny ¦  Thu Dec 06, 2018 6:54 am ¦  Forum: Completed Malware Requests ¦  Topic: Looking for presumably NATO supplied APT ¦  Replies: 1 ¦  Views: 846

all but 2abb76d71fb1b43173589f56e461011b

APT28 Sofacy

 by r0ny ¦  Tue Nov 20, 2018 5:05 pm ¦  Forum: Completed Malware Requests ¦  Topic: APT28 Sofacy ¦  Replies: 1 ¦  Views: 968

Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan ref: https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/ IOCs: fb5b1c2fccf21aa076449ecdf6f888d1 ccd2e208c308b56acb5fb86dd029c034 efa1b414bf19ee295cc90f29332de4ed 843ed...

Operation Mystery Baby

 by r0ny ¦  Mon Nov 12, 2018 2:13 pm ¦  Forum: Completed Malware Requests ¦  Topic: Operation Mystery Baby ¦  Replies: 1 ¦  Views: 896

A hacker group likely supported by North Korea has launched an advanced persistent threat (APT) attack by inserting malicious code in a popular South Korean security program. APT attacks are typically characterized by being sophisticated, long-term attacks aimed at monitoring information and stealin...

Tick

 by r0ny ¦  Wed Oct 24, 2018 6:39 pm ¦  Forum: Completed Malware Requests ¦  Topic: Tick ¦  Replies: 1 ¦  Views: 925

Tracking Tick Through Recent Campaigns Targeting East Asia Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight and Bronze Butler. Although each campaign empl...

LoJax (UEFI rootkit)

 by r0ny ¦  Sun Sep 30, 2018 12:25 pm ¦  Forum: Malware ¦  Topic: LoJax (UEFI rootkit) ¦  Replies: 6 ¦  Views: 2667

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group ref: https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ IOCs: 4b9e71615b37aea1eaeb5b1cfa0eee048118ff72 1771e435ba25f9cdfa77168899490d87681f2029 ddaa06a4021baf980a08caea899f2904...

Xbash

 by r0ny ¦  Fri Sep 21, 2018 3:58 pm ¦  Forum: Malware ¦  Topic: Xbash Linux ver ¦  Replies: 3 ¦  Views: 1482

Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/ IOCs: f888dda9ca1876eba12ffb55a7a993bd1f5a622a30045a675da4955ede3e4cb8 31155bf8...

OceanLotus

 by r0ny ¦  Fri Sep 14, 2018 3:43 pm ¦  Forum: Completed Malware Requests ¦  Topic: OceanLotus ¦  Replies: 1 ¦  Views: 1233

The 360 Threat Intelligence Center recently discovered the new CVE-2017-11882 vulnerability document used by Sea Lotus. Through the analysis of the vulnerability document and related attacks, we linked the organization's recent attacks against South Asian countries. And found a suspected "Hai Lian...

Operation AppleJeus

 by r0ny ¦  Tue Sep 04, 2018 2:38 pm ¦  Forum: Completed Malware Requests ¦  Topic: Operation AppleJeus ¦  Replies: 1 ¦  Views: 2205

Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware ref: https://securelist.com/operation-applejeus/87553/ IOCs: d555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd 08012e68f4f84...

Malicious Docs

 by r0ny ¦  Thu Aug 30, 2018 6:21 pm ¦  Forum: Completed Malware Requests ¦  Topic: Malicious Docs ¦  Replies: 1 ¦  Views: 1841

The attackers behind Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. They continue to use a non-binary executable infection vector and obfuscated scripts to evade detection. ref: https://secureli...
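The posts above paste MD5, SHA-1 and SHA-256 hashes side by side, and the search snippets clip the last one with "...". Copying those lists into a blocklist by hand is error-prone: a clipped SHA-1 such as the 32-character "ddaa06a4021baf980a08caea899f2904..." looks exactly like a full MD5. The following script is an added example, not code from the forum or from r0ny; it pulls hex digests out of free text, classifies them by length, de-duplicates across case, and rejects any candidate that runs straight into an ellipsis. The sample text is constructed here from hash strings that appear in the posts above.

```python
import re

# Digest lengths (hex digits) for the three hash types the posts mix freely.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Any run of 24+ hex digits is a candidate; shorter runs are not worth the
# false positives from ordinary words, URL paths and GUIDs.
HEX_RUN = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{24,}(?![0-9a-fA-F])")


def classify_hash(token):
    """Map a hex digest to 'md5', 'sha1' or 'sha256' by length, else None."""
    if not re.fullmatch(r"[0-9a-fA-F]+", token):
        return None
    return HASH_TYPES.get(len(token))


def extract_iocs(text):
    """Pull file hashes out of free text.

    Returns (found, rejected): found maps hash type -> ordered, unique,
    lower-cased list; rejected lists candidates that were clipped by a
    snippet ellipsis or whose length matches no known digest.
    """
    found = {"md5": [], "sha1": [], "sha256": []}
    rejected = []
    seen = set()
    for m in HEX_RUN.finditer(text):
        tok = m.group(0).lower()
        tail = text[m.end():m.end() + 3]
        # A hash that runs straight into "..." or a Unicode ellipsis is
        # clipped; its length is meaningless even when it happens to equal
        # a real digest length (a cut SHA-1 can look like an MD5).
        if tail.startswith("...") or tail.startswith("\u2026"):
            rejected.append(tok)
            continue
        kind = classify_hash(tok)
        if kind is None:
            rejected.append(tok)
            continue
        if tok not in seen:
            seen.add(tok)
            found[kind].append(tok)
    return found, rejected


# Constructed sample: hash strings taken from the posts above, one of them
# repeated in upper case, two of them clipped the way the search snippets are.
SAMPLE = """
IOCs: ae1b6f50b166024f960ac792697cd688be9288601f423c15abbc755c66b6daa4 a2719f203c3e8dcdcc714dd3c1b60a4cbb5f...
all but 2abb76d71fb1b43173589f56e461011b
IOCs: fb5b1c2fccf21aa076449ecdf6f888d1 ccd2e208c308b56acb5fb86dd029c034 FB5B1C2FCCF21AA076449ECDF6F888D1
IOCs: 4b9e71615b37aea1eaeb5b1cfa0eee048118ff72 ddaa06a4021baf980a08caea899f2904...
"""


def demo():
    """Run the extractor over the constructed sample."""
    return extract_iocs(SAMPLE)


if __name__ == "__main__":
    found, rejected = demo()
    for kind, hashes in found.items():
        print(kind, len(hashes), hashes)
    print("rejected", rejected)
```

Clipped candidates go to the rejected list rather than being silently dropped, so an analyst can go back to the linked report for the full value instead of shipping a 32-character prefix of a SHA-1 as an MD5 indicator.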