 #28911  by EP_X0FF
 Wed Jul 20, 2016 4:51 am
Below is the short list of pseudo-APT campaigns launched in the MSM by AV proxy/fake security "companies":
  • Rombertik - This terrifying malware destroys your PC if detected
    Campaign orchestrated by the so-called "Talos Group" from Cisco - low quality "security analysts" who don't know how popular compiler-generated file formats look. It was so advanced for them that it is surely a NationState APT.
  • Gyges - Invisible Malware
    Campaign launched by SentinelLabs (now rebranded as SentinelOne) - a fraudware company. They introduced the popular ransomware Win32/Urasy as an invisible (sic) NationState-sponsored APT.
  • Patchwork - The Copy-Paste APT
    Campaign launched by Cymmetria serving as a proxy company. They unveiled how to create hype from GitHub open-source projects and script-kiddie blog posts. Of course it is a NationState APT.
  • SFG - Furtims parent
    Campaign from SentinelOne, started after they registered here and downloaded a sample from the above thread; after that they named this place the 'darkweb'. They represent a malware package with various Carberp code as a NationState APT.
This list will be updated when more fake "NationState APTs" are discovered (and they will be).

NOTE: The content of this list is originally from: http://www.kernelmode.info/forum/viewto ... =16&t=4423. If you are reading it elsewhere, please visit the original location.
 #29050  by TSION
 Tue Aug 16, 2016 2:08 pm
EP_X0FF, this should be very interesting for an amateur reverse engineer and should be an interesting experience.