Search found 121 matches

by CloneRanger
Sat Aug 27, 2016 9:45 pm
Forum: Malware
Topic: FAIRWARE Ransomware
Replies: 4
Views: 5058

Re: FAIRWARE Ransomware

darknet email service, so it is just a coincidence then, Thanx, & for the link. Good catch !
by CloneRanger
Sat Aug 27, 2016 4:19 am
Forum: Malware
Topic: FAIRWARE Ransomware
Replies: 4
Views: 5058

Re: FAIRWARE Ransomware

Re - fairware@sigaint.org in the ransom. As soon as I saw sigaint.org it immediately rang a bell ! Here's where I remember seeing it listed - https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae Of course it "could" just be a coincidence that the same @ is being used ...
by CloneRanger
Fri Aug 12, 2016 3:46 pm
Forum: Malware
Topic: Backdoor.Remsec
Replies: 2
Views: 4399

Re: Backdoor.Remsec

Strings in some of the files ? I am NOT an expert in deconstructing etc malware, or looked at hundreds/thousands as some of you have, but here's just a couple of things I noticed, that may or may not be worth investigating further ! S p i n L o c k - https://en.wikipedia.org/wiki/Spinlock - I haven't...
by CloneRanger
Tue Mar 15, 2016 10:19 pm
Forum: General Discussion
Topic: Poor Malware Coding !
Replies: 1
Views: 5190

Poor Malware Coding !

First off, good to see you're back online :) Lots of malware gets plenty of LOL's on here & elsewhere, for being Script Kiddy, sloppy etc etc. Now, that's as maybe when being judged by experts on here etc, but that's not the point, or does it matter if they actually infect people's comps ! I don't th...
by CloneRanger
Sat Jun 06, 2015 1:25 pm
Forum: Tools/Software
Topic: Inclusion in ARK Thread
Replies: 2
Views: 7020

Re: Inclusion in ARK Thread

@ EP_X0FF

Thanx for being able to test it. Pity about the BSOD. Quite a number of ARK's have done that, in their earlier releases. Maybe they might improve it ?

Regards
by CloneRanger
Sat Jun 06, 2015 4:07 am
Forum: Tools/Software
Topic: Inclusion in ARK Thread
Replies: 2
Views: 7020

Inclusion in ARK Thread

I sent a PM the other day to a_d_13 but I now discover he hasn't checked in for a few months ! So that's why I'm posting it in here. Hi, found a new'ish one to add. Padvish AntiRootkit Introduction Rootkits are types of malware designed to covertly influence, abuse and dysfunction at some point the ...
by CloneRanger
Sat Apr 25, 2015 12:41 pm
Forum: Malware
Topic: Source of Malware
Replies: 141
Views: 221830

Re: Source of Malware

Ukatemi Technologies - a start-up from CrySyS Lab - http://ukatemi.com

If you contact them, they "may" be able to provide you with some unique samples. Mentioned in here https://www.mrg-effitas.com/mrg-effitas ... march-2015
by CloneRanger
Thu Feb 19, 2015 1:24 am
Forum: Malware
Topic: [APT] Equation
Replies: 15
Views: 16032

Re: Trojan:WinNT/Fetrog.A

@ Xylitol & R136a1 & Es07er1K

Thanx for the nasties. I'll see which, if any, can penetrate my defences. I tried to give you all a thumbs up, but the board only let me give one !
by CloneRanger
Thu Oct 16, 2014 5:41 am
Forum: Tools/Software
Topic: FinFisher - on wikileaks
Replies: 5
Views: 8144

Re: FinFisher - on wikileaks

The analysis, that I don't pretend to understand, @ https://www.codeandsec.com shows this IP 184.82.101.234 - http://whois.domaintools.com/184.82.101.234 = Backlog Capital, LLC Pilot Mountain NC USA RegDate: 2014-07-02 Updated: 2014-09-08 But the Real one is, www.backlogcapital.com = 206.188.193.106...
by CloneRanger
Mon Sep 15, 2014 12:25 am
Forum: Malware
Topic: Win32/Kuluoz
Replies: 37
Views: 57652

Unknown to me

Got this in an email from support@homeandkitchen.co.za supposedly a label to print out for a USPS package that they couldn't deliver ! VT lists it as various things. SHA256: 58007a94f3dcb7cf5b5bcdff5f3fd6e7946ff12c290acd97f23dd706e384810f File name: Label.exe Detection ratio: 8/55 https://www.virust...