Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows an attacker to gain elevated privileges. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.
yuankong666/Ultimate-RAT-Collection: For educational purposes only, samples of old & new malware builders including screenshots!
For educational purposes only, samples of old & new malware builders including screenshots!
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader | McAfee Blog
Authored by: Anandeshwar Unnikrishnan. Stage 1: GULoader Shellcode Deployment. In recent GULoader campaigns, we are seeing a rise in NSIS-based installers
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH
Elastic Security Labs observes that the threat behind SIESTAGRAPH has shifted priorities from data theft to persistent access, deploying new malware like NAPLISTENER to evade detection.
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect itself are extremely interesting. Roshtyak belongs to one of the best-protected malware strains we have ever seen. We hope by publishing our research and analysis of the malware and its protection tricks we will help fellow researchers recognize and respond to similar tricks, and harden their analysis environments, making them more resistant to the evasion techniques described.
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs.
GitHub - fr0gger/Awesome_Malware_Techniques: This is a repository of resource about Malware techniques
This is a repository of resources about malware techniques.
In a time full of ransomware as well as Advanced Persistent Threat (APT) incidents, the importance of detecting those attacking groups has become increasingly...
GitHub - bytecode77/pe-union: Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI
Crypter, binder & downloader with native & .NET stub, evasive by design, user-friendly UI.
Introduction: System calls are the lowest-level atomic actions that malware writers can control. System call sequences are the de facto way to separate benign behavior from malicious behavior…
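The idea above, profiling syscall sequences as n-grams and scoring an unknown trace against a benign and a malicious corpus, as an added example that is not code from the linked article. The traces are constructed for illustration (Linux syscall names, process-injection-style sequences on the malicious side); the n-gram length, the add-one smoothing and the log-odds scoring are this example's own choices, not a method the page describes.

```python
"""Syscall-sequence profiling: overlapping n-grams of a trace compared
against a benign and a malicious corpus via smoothed log-odds."""
import math
from collections import Counter

N = 3  # n-gram length (assumption: trigrams)

# Constructed sample traces, not captured from real samples.
BENIGN_TRACES = [
    ["openat", "read", "read", "close", "write", "exit_group"],
    ["openat", "fstat", "read", "close", "exit_group"],
    ["socket", "connect", "write", "read", "close"],
]
MALICIOUS_TRACES = [
    ["ptrace", "mmap", "mprotect", "write", "execve"],
    ["openat", "read", "mmap", "mprotect", "ptrace", "write"],
    ["mmap", "mprotect", "ptrace", "execve", "exit_group"],
]


def ngrams(trace, n=N):
    """Overlapping n-grams of a syscall trace, as tuples."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(traces, n=N):
    """Count every n-gram seen across a corpus of traces."""
    profile = Counter()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


GOOD_PROFILE = build_profile(BENIGN_TRACES)
BAD_PROFILE = build_profile(MALICIOUS_TRACES)


def log_odds(trace, good=GOOD_PROFILE, bad=BAD_PROFILE, n=N):
    """Sum over the trace's n-grams of log P(gram|bad) - log P(gram|good),
    with add-one (Laplace) smoothing so unseen n-grams contribute 0.
    Positive means the trace resembles the malicious corpus more."""
    vocab_size = len(set(good) | set(bad)) + 1  # +1 slot for unseen grams
    good_total = sum(good.values()) + vocab_size
    bad_total = sum(bad.values()) + vocab_size
    score = 0.0
    for gram in ngrams(trace, n):
        p_bad = (bad[gram] + 1) / bad_total
        p_good = (good[gram] + 1) / good_total
        score += math.log(p_bad) - math.log(p_good)
    return score


def top_indicators(trace, good=GOOD_PROFILE, bad=BAD_PROFILE, n=N, k=3):
    """The k n-grams that pushed the score furthest toward 'malicious',
    useful when triaging why a trace was flagged."""
    contributions = []
    for gram in set(ngrams(trace, n)):
        contributions.append((log_odds(list(gram), good, bad, n), gram))
    contributions.sort(reverse=True)
    return [gram for _, gram in contributions[:k]]


def is_malicious(trace, threshold=0.0):
    """Decision rule: flag when the log-odds exceed the threshold."""
    return log_odds(trace) > threshold


if __name__ == "__main__":
    suspect = ["mmap", "mprotect", "ptrace", "write", "execve"]
    print(round(log_odds(suspect), 3), is_malicious(suspect))
    print(top_indicators(suspect))
```

With real data the corpora come from sandbox or strace/ETW traces; the scoring stays the same, but the threshold must be calibrated on held-out traces because short traces with few n-grams produce scores near zero either way.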
DotDumper: Automatically Unpacking DotNet based Malware
The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. This blog will dive into DotDumper’s usage and internals.
GitHub - advanced-threat-research/DotDumper: An automatic unpacker and logger for DotNet Framework targeting files
An automatic unpacker and logger for files targeting the .NET Framework.
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
This blog details how Iron Tiger threat actors have updated their toolkit with a new SysUpdate malware variant that now uses five files in its infection routine instead of the usual three.
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
In a highly targeted operation by a Chinese APT, a newly discovered backdoor dubbed PortDoor is being used in attacks targeting a Russian defense contractor...
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence - Microsoft Security Blog
Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.