HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and provides indicators of compromise.
·harfanglab.io·
Unpacking the unpleasant FIN7 gift: PackXOR
In early July 2024, the Sentinel Labs researchers released an extensive article1 about “FIN7 reboot” tooling, notably introducing “AvNeutralizer”, an anti-EDR tool. This tool has been found in the wild as a packed payload. In this article, we offer a thorough analysis of the associated private packer that we named “PackXOR”, as well as an unpacking tool. Additionally, while investigating the packer usage, we determined that PackXOR might not be exclusively leveraged by FIN7.
·harfanglab.io·
Mid-year Doppelgänger information operations in Europe and the US
This report delves into Doppelgänger information operations conducted by Russian actors, focusing on their activities from early June to late July 2024. Our investigation was motivated by the unexpected snap general election in France, prompting a closer look at Doppelgänger activities during this period. While recent activities have since been described1,2, our first dive into the information operations topic offers a complementary threat-intelligence analysts’ perspective on the matter and brings additional knowledge on the associated infrastructure, tactics and motivation in Europe and the United States.
·harfanglab.io·