Unpacking the unpleasant FIN7 gift: PackXOR
In early July 2024, the Sentinel Labs researchers released an extensive article[1] about “FIN7 reboot” tooling, notably introducing “AvNeutralizer”, an anti-EDR tool. This tool has been found in the wild as a packed payload. In this article, we offer a thorough analysis of the associated private packer that we named “PackXOR”, as well as an unpacking tool. Additionally, while investigating the packer usage, we determined that PackXOR might not be exclusively leveraged by FIN7.
·harfanglab.io·
FIN7: The Truth Doesn't Need to be so STARK
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post. Introduction. In our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
·team-cymru.com·