Reverse Engineering and Malware Analysis
Spinning YARN – A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence
Introduction: Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the...
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
The espionage group Earth Kapre (aka RedCurl and Red Wolf) has been actively conducting phishing campaigns targeting organizations in Russia, Germa...
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year...
DCRat Malware Analysis Report
The initial sample can be collected from MalwareBazaar | SHA256 08d9d5c3b0a134a56085e058b5078dbf68de75dc98409dff52c7dd5075598c3a (DCRat) (abuse.ch). SHA256 (loader): 0...
X Community Asset Mapping Tools Series: The Year-Long AsyncRAT Attack Campaign Is Still Going On!
1. Incident Background: AT&T Alien Labs recently disclosed an AsyncRAT attack campaign that has lasted 11 months. The attackers use phishing pages to deliver the initial JavaScript file, involving more than 300 samples and more than 100...
New Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites...
CVE-2021-32760 Vulnerability Analysis and Reproduction
This article is for learning and research purposes only; use for any illegal purpose is prohibited, and you bear the consequences yourself. 1. Vulnerability Background: Containerd recently disclosed a security vulnerability in which an attacker, by crafting a malicious image, is able to, as an ordinary us...
Hikari Source Code Analysis – AntiClassDump
This article analyzes the implementation details of AntiClassDump. The source code referenced below comes from https://github.com/61bcdefg/Hikari-LLVM15; thanks to the original Hikari author and the other contributors for their work. 1. Prerequisite Knowledge 1. Class...
Lieying Tracking: A New Ransomware Family Appears, Donex Publishes Information on Multiple Victims
Recently, DBAPPSecurity's Lieying Lab captured a sample of a new ransomware family named Donex during threat hunting. As of now, the group's site has published information on a total of 5 victims across multiple countries. A new ransomware family appears: Donex...