Found 21 bookmarks
Newest
IcedID GZIPLOADER Analysis - Binary Defense
IcedID GZIPLOADER Analysis - Binary Defense
In late February, while tracking a malicious spam campaign from the Qakbot distributor “TR,” Binary Defense’s analysts identified a new version of IcedID being delivered through malicious Word and Excel files. The updated IcedID has a new first stage loading mechanism, which we’ve dubbed “gziploader,” along with new encryption algorithms for hiding its configuration and […]
·binarydefense.com·
IcedID GZIPLOADER Analysis - Binary Defense
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading - VMware Security Blog - VMware
Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading - VMware Security Blog - VMware
At the beginning of April, Carbon Black Threat Research began analyzing a malware variant commonly referred to as Red Leaves, which appears to have code reuse from the PlugX family. During the last month, this malware family has been referenced in several security blogs and government
·blogs.vmware.com·
Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading - VMware Security Blog - VMware