A forum for reverse engineering, OS internals and malware analysis 

Search found 19 matches

NamPoHyu Ransomware

 by stevegs1821 ¦  Fri Apr 26, 2019 5:18 pm ¦  Forum: Malware Requests ¦  Topic: NamPoHyu Ransomware ¦  Replies: 1 ¦  Views: 225

Anyone have any actual binaries or real artifacts associated with:

NamPoHyu

https://www.trendmicro.com/vinfo/us/sec ... ba-servers

APT38 Related malware?

 by stevegs1821 ¦  Mon Oct 29, 2018 3:27 pm ¦  Forum: Malware Requests ¦  Topic: APT38 Related malware? ¦  Replies: 0 ¦  Views: 1244

Hello,

Would anyone happen to have specific hashes related to the FireEye APT38 report?

references:
https://www.fireeye.com/blog/threat-res ... group.html
https://content.fireeye.com/apt/rpt-apt38

ty

st

Re: LoJax(UEFI rootkit)

 by stevegs1821 ¦  Mon Oct 01, 2018 4:15 pm ¦  Forum: Malware ¦  Topic: LoJax(UEFI rootkit) ¦  Replies: 6 ¦  Views: 2752

^^^^^^ The above hashes are SHA1 btw

st

Re: LoJax(UEFI rootkit)

 by stevegs1821 ¦  Mon Oct 01, 2018 4:14 pm ¦  Forum: Malware ¦  Topic: LoJax(UEFI rootkit) ¦  Replies: 6 ¦  Views: 2752

Anyone have a copy of the missing binaries?

cc217342373967d1916cb20eca5ccb29caaf7c1b  ReWriter_binary.exe
ea728abe26bac161e110970051e1561fd51db93b  ReWriter_read.exe
f2be778971ad9df2082a266bd04ab657bd287413  SecDXE
700d7e763f59e706b4f05c69911319690f85432e  autoche.exe

ty,

st

CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV

 by stevegs1821 ¦  Thu Aug 23, 2018 3:25 pm ¦  Forum: Malware Requests ¦  Topic: CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV ¦  Replies: 0 ¦  Views: 1972

Hello, Would anyone be able to share a copy of the CVE-2018-8373 exploit, please? Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/ SHA256: 0d6fe137790e2ebdf4fac2dd50065...

Re: SynAck ransomware

 by stevegs1821 ¦  Tue May 08, 2018 2:46 pm ¦  Forum: Completed Malware Requests ¦  Topic: SynAck ransomware ¦  Replies: 4 ¦  Views: 2270

+ 1...same request

Methbot

 by stevegs1821 ¦  Tue Feb 21, 2017 10:00 pm ¦  Forum: Completed Malware Requests ¦  Topic: Methbot ¦  Replies: 0 ¦  Views: 6076

Hello,

I'm seeking confirmed samples of Methbot.

Reference: https://www.whiteops.com/methbot
http://go.whiteops.com/rs/179-SQE-823/i ... ion_WP.pdf


Thanks,

sg

Re: Win32/Cerber

 by stevegs1821 ¦  Tue Aug 16, 2016 3:26 pm ¦  Forum: Malware ¦  Topic: Win32/Cerber ¦  Replies: 76 ¦  Views: 164825

Request: Stampedo Ransomware

 by stevegs1821 ¦  Mon Jul 18, 2016 3:28 pm ¦  Forum: Completed Malware Requests ¦  Topic: Request: Stampedo Ransomware ¦  Replies: 3 ¦  Views: 5287

Hello, Very little public info here. It was for sale on AlphaBay and covered in a few blogs (no hashes etc). Request details: 1) Stampedo Ransomware / kit 2) Hashes (unavailable) 3) References: https://heimdalsecurity.com/blog/security-alert-stampado-ransomware-on-sale/ http://betanews.com/2016/07/1...

PowerWare Ransomware (specific DOC example)

 by stevegs1821 ¦  Thu Mar 31, 2016 7:26 am ¦  Forum: Completed Malware Requests ¦  Topic: PowerWare Ransomware (specific DOC example) ¦  Replies: 1 ¦  Views: 2523

Hello, Requesting a copy of: MD5: 063394a08bb3eec2680a30939e906343 Reference: https://www.carbonblack.com/2016/03/25/threat-alert-powerware-new-ransomware-written-in-powershell-targets-organizations-via-microsoft-word/ https://blog.cylance.com/ransomware-update-todays-bountiful-cornucopia-of-extorti...