Ex-Conti and FIN7 Actors Collaborate with New Backdoor

Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed “Minodo” to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force experts.

The post Ex-Conti and FIN7 Actors Collaborate with New Backdoor appeared first on Security Intelligence.


Rorschach ransomware deployed by misusing a security tool

An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks…

What information does the Microsoft Intelligent Security Graph use for querying files?

I’m looking into WDAC and the option to use Microsoft’s ISG for files that are not explicitly allowed or denied caught my interest. Unfortunately I haven’t been able to find any information on what is sent to the ISG to make the known good…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]

The post When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule appeared first on Security Intelligence.


What are the Duties of a Malware Analyst?

Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of 324 days (233 days to identify and 91 days to contain), compared to the global […]

The post What are the Duties of a Malware Analyst? appeared first on Security Intelligence.


Malware that can do anything and everything is on the rise

“Swiss Army knife” malware – multi-purpose malware that can perform malicious actions across the cyber kill chain and evade detection by security controls – is on the rise, according to the results of Picus Security’s analysis of over…

How Threat Actors Use OneNote to Deploy ASyncRAT

See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…

The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.


New Attacks, Old Tricks: How OneNote Malware is Evolving

Analysis of OneNote Malware. A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office…

The post New Attacks, Old Tricks: How OneNote Malware is Evolving appeared first on TrustedSec.
