NOKKI Malware Sports Mysterious Link to Reaper APT Group
The relationship between the malware and the APT group remains somewhat murky.
I published the following diary on isc.sans.org: “Windows Batch File Deobfuscation“: Last Thursday, Brad published a diary about a new ongoing campaign delivering the Emotet malware. I found another sample that looked the same. My sample was called ‘Order-42167322776.doc’ (SHA256: 4d600ae3bbdc846727c2922485f9f7ec548a3dd031fc206dbb49bd91536a56e3) and looked the same as the one analyzed by Brad. The
[The post [SANS ISC] Windows Batch File Deobfuscation has been first published on /dev/random]
I published the following diary on isc.sans.org: “Obfuscating without XOR“. Malicious files are generated and spread over the wild Internet daily (read: “hourly”). The goal of the attackers is to use files that are: not known by signature-based solutions, and not easy to read for the human eye. That’s why many
[The post [SANS ISC] Obfuscating without XOR has been first published on /dev/random]
I published the following diary on isc.sans.org: “Analysis of a Maldoc with Multiple Layers of Obfuscation“. Thanks to our readers, we often get interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called “Invoice_6083.doc” (which was delivered in a zip archive). I had a quick
[The post [SANS ISC] Analysis of a Maldoc with Multiple Layers of Obfuscation has been first published on /dev/random]
I published the following diary on isc.sans.org: “Diverting built-in features for the bad“. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small Javascript sample with only 2 lines of code…
[The post [SANS ISC] Diverting built-in features for the bad has been first published on /dev/random]