Inside a New OT/IoT Cyberweapon: IOCONTROL | Claroty
Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.
PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers.
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, as well as to Project Wood.
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign
The threat actor behind LightSpy has expanded their toolset with the introduction of DeepData, a modular Windows-based surveillance framework that significantly broadens their espionage capabilities.
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET's discovery of the first UEFI bootkit designed for Linux sendss an important message: UEFI bootkits are no longer confined to Windows systems alone.
The IMEEX framework is a newly discovered, custom-built malware designed to target Windows systems. Delivered as a 64-bit DLL, it offers attackers extensive control over compromised machines. This framework is notable for its robust capabilities, featuring a wide array of functionalities, including execution of additional modules, file manipulation, process management, registry modification, and remote command […]
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.
Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.
yuankong666/Ultimate-RAT-Collection: For educational purposes only, samples of old & new malware builders including screenshots!
For educational purposes only, samples of old & new malware builders including screenshots! - GitHub - yuankong666/Ultimate-RAT-Collection: For educational purposes only, samples of old &am...
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader | McAfee Blog
Authored by: Anandeshwar Unnikrishnan Stage 1: GULoader Shellcode Deployment In recent GULoader campaigns, we are seeing a rise in NSIS-based installers
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH
Elastic Security Labs observes that the threat behind SIESTAGRAPH has shifted priorities from data theft to persistent access, deploying new malware like NAPLISTENER to evade detection.
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect itself are extremely interesting. Roshtyak belongs to one of the best-protected malware strains we have ever seen. We hope by publishing our research and analysis of the malware and its protection tricks we will help fellow researchers recognize and respond to similar tricks, and harden their analysis environments, making them more resistant to the evasion techniques described.
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs - GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executabl...