Collaborate Disseminate
There are two main types of malware analysis: static and dynamic. Performing static analysis of a malicious binary means concentrating on analyizing its code without executing it. This type of analysis may reveal to malware analysts not only what the m… Continue reading 7 open-source malware analysis tools you should try out
A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat […]
The post From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers appeared first on Security Intelligence.
How is the malware file signature generated? Does it use a sequence of bytes in the beginning, size, PE (export, import, section), etc?
And can the MD5 or SHA256 be considered a file signature for a malware file?
Note: I know that there’s … Continue reading How malware file signature is generated?
Remnux provides a set of tools for Malware analysis
Is there any equivalent in Windows that contains the essential tools for malware analysis tasks?
Continue reading Windows malware analysis sandbox like Remnux
I just came across this blog post (archived here). I am curious to know where I can find more data on false positive rates of anti-virus software. Of course, any such data would be subjective, since the samples are chosen by the people who… Continue reading Reliable information on AV engine false positive rate
Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the Trickbot group, tracked by X-Force as ITG23 and […]
The post Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine appeared first on Security Intelligence.
Continue reading Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
I have read into malware sink holing, as a way to disrupt botnets.
There are also approaches to make this more difficult, for example using a Domain Name Generator algorithm which is what the Conficker worm used, fast-flux, double fast-flu… Continue reading Malware sinkhole evasion techniques
Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come acros… Continue reading Researchers unearth highly evasive “parasitic” Linux malware
I am performing some Windows malware research on a rogue AV software called SpySheriff (password: infected). I want to edit the IP address within the PE (.exe) file to change it to my honeypot IP address. I know it is easier to set-up IP T… Continue reading Hex editing an IP address of a different length
When I first became interested in malware reverse engineering years ago, the first malicious program I encountered was a scareware called SpySheriff. It had a wide internet presence, as it spread through the typo-squatting domain goggle.co… Continue reading Malware binaries for the SpySheriff scareware