Looking for a Pcap of the EMET bypass mentioned in this article:
https://www.fireeye.com/blog/threat-res ... _kite.html
I'm looking for the exploit used in the Clandestine Wolf attack abusing CVE-2015-3113:
https://www.fireeye.com/blog/threat-res ... o-day.html
Hi Erik, in the demo video I see that the ransomware is still running and not suspended in the background, did he encrypt stuff during this time? Sorry for the slow reply. The CryptoLocker process still tries to encrypt the files but is blocked by CryptoGuard's minifilter driver. Keeping the process a...
We've just released a BETA version of HitmanPro.Alert 2.5 which contains CryptoGuard, our universal solution against crypto ransomware that works at the file system level. More information, including a demonstration video, can be found here: http://www.hitmanpro.com/alert/cryptoguard
Looking for this old dropper:
Some associate this with ZeroAccess.
We just released a Beta version of HitmanPro that cleans up the reparse points:
http://www.wilderssecurity.com/showpost ... count=5345
I got the file from a friend. But the file is not what I expected.
The hash came from TDSSkiller log with Sinowal infection like this one:
http://forum.viry.cz/viewtopic.php?f=13 ... 6#p1138676