Collaborate Disseminate
I have started analyzing malware, but sometimes when it’s packed I have difficulty finding the tail jump or other times to check the system api imported.Is there a site/blog that posts detailed malware reports to check with my analysis? In… Continue reading Where to find malware reports to verify personal analysis? [closed]
When trying to analyze malware, have there been cases where malware detected the use of mitmproxy and ceased operation?
If that has happened, would it be a good idea to be constantly using a proxy as a measure for deterring any malware?
Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat…
The post Simplifying Your Operational Threat Hunt Planning appeared first on TrustedSec.
Continue reading Simplifying Your Operational Threat Hunt Planning
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…
The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.
On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware IBM Security X-Force has released public content for which has been reportedly targeted systems belonging […]
The post CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations appeared first on Security Intelligence.
Continue reading CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
Supposedly if you configure 1.1.1.1 with the option to block malware, when you initiate a download and that file travel through the gateway at Cloudflare’s edge, it is sent to the malware scanning engine. Of course, for my grandmother, thi… Continue reading How cloudflare DNS blocks malware [closed]
OPSWAT announced a report which reveals that nearly every organization struggles with malware analysis. Specifically, 94% of organizations are challenged to find, train, and retain malware analysis staff. Furthermore, 93% of organizations are challenge… Continue reading What is challenging malware analysis?
Long story short, got duped into opening an XLSM in Excel, with macros being enabled. Realised instantly.
Digged into the Excel structure, found the following (extremely obfuscated) payload:
=CALL("urlmon","URLDownloadToFilA… Continue reading Opened compromised Excel file – am I safe?
This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. IBM Security […]
The post IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine appeared first on Security Intelligence.
I am planning on analysing some malware samples dynamically using a sandbox tool and a target Windows VM. The host (physical machine) runs Ubuntu and in it are the sandbox and target VM.
So far I only analysed benign samples, i.e. normal s… Continue reading How to store malware for analysis?