Categories: Technologies
Language: English
Subscribers: 3.00K
Description from channel:
The latest NEWS about malware, DFIR, hacking, security issues, thoughts and ...
Partner channel: @cveNotify
Contact: @SirMalware
Ratings & Reviews
5 stars: 0 | 4 stars: 0 | 3 stars: 2 | 2 stars: 0 | 1 star: 1
The latest messages (15)
2022-01-21 20:45:27
[1/n] Today I'm sharing the details of research done by vaber_b, legezo, Ilya Borisov and myself on a UEFI firmware implant found in the wild, dubbed #MoonBounce. We assess that this formerly unknown threat is the work of the infamous #APT41. A
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
_marklech_ @malwr
101 views, edited 17:45
2022-01-21 20:18:17
An old sample of the Lamberts (probably #WhiteLambert) appeared on VirusTotal.
This driver file intel440x.sys is also mentioned by name on the infamous drv_list.txt from The Shadow Brokers' leak. The logic itself is contained inside a compressed resource.
https://www.virustotal.com/gui/file/1eede29007619d207842ddcaadf41b17b47a456004df43189d1f6cf54a3b785b
_CPResearch_ @malwr
90 views, 17:18
2022-01-21 12:08:00
For those following the news, the WhisperGate campaign (as initially described by Microsoft) has been quite impactful. Today, my blog for corporate has gone live regarding this wiper campaign, with the analysis of all four stages. Additionally, I uploaded the binary of stage 4 to VirusTotal, MalShare, and MalwareBazaar, making it accessible for all. The links are given below.
Link: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Sent from one of our members
@malwr
59 views, 09:08
2022-01-21 10:40:05
Best search engines for Pentesters and Security Professionals.
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
→ spyse .com
→ vulners .com
→ PublicWWW .com
→ Pulsedive .com
→ ZoomEye .org
→ intelx .io
→ WiGLE .net
→ reposify .com
→ viz. greynoise .io
NandanLohitaksh @malwr
87 views, edited 07:40
2022-01-21 10:16:13
Are you an admin with EXE blocked by #AppLocker? You can bypass the protection without any execution traces in the AppLocker Log! Load your DLL, steal the token from spooler and create the child process.
C source code and the compiled binary, as usual: https://github.com/gtworek/PSBits/tree/master/AppLockerBypass
0gtweet @malwr
87 views, 07:16
2022-01-21 10:15:19
About WhisperGate: it's quite simple to set up IDA Pro + Bochs to examine the MBR, and I showed it step by step in a few slides in an introductory talk at HITB Amsterdam 2019. Just in case you want to check the slides:
https://exploitreversing.files.wordpress.com/2021/12/hitb_ams_2019-1.pdf
#malware #idapro
ale_sp_brazil @malwr
75 views, 07:15
2022-01-21 10:14:35
After the Pro version earlier this week, I just released a new version of MacroPack Community!
#infosec #MacroPack
https://github.com/sevagas/macro_pack
EmericNasi @malwr
77 views, 07:14
2022-01-21 10:13:41
We do not possess any samples from the Lockbit ransomware group. A new sample from Lockbit has not appeared on @abuse_ch since December 2021.
We asked Lockbit for a new sample - they have provided us with a sample directly from their panel.
Download here: https://samples.vx-underground.org/samples/Families/
vxunderground @malwr
80 views, 07:13
2022-01-20 23:47:19
CVE-2022-0173
radare2 is vulnerable to Out-of-bounds Read
@cveNotify
112 views, 20:47
2022-01-20 17:40:07
Time to chip in for #100DaysofYARA, this rule is a (fun) example that looks for a structure (#Regin VFS) instead of data.
Structures (often config) are useful to validate your understanding of malware functionality and for more resilient rules. But be careful with boundaries :)
Int2e_ @malwr
87 views, 14:40