Search found 1617 matches

by Xylitol
Tue Mar 19, 2019 4:36 am
Forum: Malware
Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL)
Replies: 2
Views: 310

Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

So far the rule works well. It has also been pulled here: https://github.com/Yara-Rules/rules/blob/master/CVE_Rules/CVE-2018-20250.yar ---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP FILE >>>>> C:/SBOX/temp/ace/0312885f07b5a028e64c6a2a440a8584c67adf2c0986e99447328c4bede4e102 - wincon.exe -...
by Xylitol
Mon Mar 18, 2019 4:08 am
Forum: General Discussion
Topic: Global ATM Malware Wall
Replies: 1
Views: 126

Global ATM Malware Wall

https://i.imgur.com/4RvpKuy.png Hi there, with a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voilà. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest got ...
by Xylitol
Fri Mar 15, 2019 2:47 pm
Forum: Malware
Topic: What format does AZORult stealer follow when communicating with its CnC Server?
Replies: 1
Views: 249

Re: What format does AZORult stealer follow when communicating with its CnC Server?

https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside gate v1: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V1/gate.php gate v2: https://github.com/futex/Malwares-code/blob/master/Panels/AZORult/V2/gate.php gate...
by Xylitol
Fri Mar 15, 2019 2:23 pm
Forum: Completed Malware Requests
Topic: CVE-2018-20250 Exploits (WinRAR)
Replies: 1
Views: 309

Re: CVE-2018-20250 Exploits (WinRAR)

Attached everything except 65e6831bf0f3af34e19f25dfaef49823 (16.58 MB) and d7d30c2f26084c6cfe06bc21d7e813b1, which can be found here: viewtopic.php?f=16&t=5479
by Xylitol
Fri Mar 15, 2019 2:05 pm
Forum: Malware
Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL)
Replies: 2
Views: 310

CVE-2018-20250 (WinRAR UNACEV2.DLL)

Extracting a 19 Year Old Code Execution from WinRAR - https://research.checkpoint.com/extracting-code-execution-from-winrar/ Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) - https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vu...
by Xylitol
Mon Mar 04, 2019 12:43 am
Forum: Tools/Software
Topic: tools required for analysing malware and ransomware
Replies: 5
Views: 1202

Re: tools required for analysing malware and ransomware

A list of tools I did: Binary: https://translate.google.fr/translate?sl=fr&tl=en&u=https://wiki.zenk-security.com/doku.php?id=outils_binaire Malware: https://translate.google.fr/translate?sl=fr&tl=en&u=https%3A%2F%2Fwiki.zenk-security.com%2Fdoku.php%3Fid%3Doutils_malware generic list and a bit outda...
by Xylitol
Mon Mar 04, 2019 12:27 am
Forum: Malware
Topic: Win.Trojan.Derkziel-1
Replies: 0
Views: 274

Win.Trojan.Derkziel-1

Back in 2015 we saw Derkziel Stealer; this one hasn't made a lot of noise in the media (even here, no one cared to do a thread), only the guys of mlw.re cared to write a bit as they had nothing better to do. Derkziel Software - https://blog.huntingmalware.com/notes/derkziel So here we are. Derkziel...
by Xylitol
Sat Mar 02, 2019 6:34 pm
Forum: Malware Requests
Topic: B0r0nt0K ransomware
Replies: 3
Views: 500

Re: B0r0nt0K ransomware

All I see is an isolated incident, one article/forum post, no IoCs and tons of article reposts based on the first source, thanks to the usual security clowns and sellers of magic powder.
by Xylitol
Thu Feb 28, 2019 1:20 pm
Forum: Malware
Topic: Trojan:Win32/Chopper.A (China Chopper)
Replies: 0
Views: 279

Trojan:Win32/Chopper.A (China Chopper)

2012 threat, a small ASP webshell from China. A bit of reading: MITRE: China Chopper: https://attack.mitre.org/software/S0020/ (2012) China Chopper Webshell - the 4KB that Owns your Web Server: https://informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html (2013) Breaking Down the Chin...
by Xylitol
Sat Jan 05, 2019 2:40 pm
Forum: Newbie Questions
Topic: Malware Unpack Tutorials?
Replies: 5
Views: 1675

Re: Malware Unpack Tutorials?

There is no universal way, but have a look at this: http://interestingmalware.blogspot.com/ ... runpe.html. You might see that often.
https://vimeo.com/290820683