Reverse Engineering and Malware Analysis
Android | How the linker loads .so files
This article records part of the logic the linker uses to load .so files, noting the important source code sections. 0x1 Loading an .so: the native-layer call sequence is JavaVMExt::LoadNativeLibraryOpenNativeLibraryNativeLoaderNam...
Directory Opus 13.2 Reverse Analysis
This article is for learning purposes only; do not use it for illegal purposes. If it infringes any rights, please contact the author promptly. I. Preface: Directory Opus is an excellent multifunction file manager for Windows; the following is from...
UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT
The threat actor tracked as UAC-0184 has been using steganography techniques to deliver the Remcos remote access Trojan (RAT) via a relatively new ...
New Pitou variant spreading rapidly, executes before the system loads
Recently, the Huorong threat intelligence system detected that the latest variant of the Pitou trojan is spreading rapidly. After infecting a system, the virus can send emails for phishing attacks and advertising according to configuration information delivered by the C&C server...
New SupermanMiner cryptomining trojan variant remains active
Report number: CERT-R-2024-714. Report source: 360CERT. Report author: 360CERT. Update date: 2024-02-28. 1 Background: Through long-term monitoring, 360 Security Brain discovered a...
Reverse engineering and developing the C&C site of the Turla group's new TinyTurla-NG backdoor
Original publication address: https://xz.aliyun.com/t/13882. Original author: T0daySeeker. Overview: In the previous article, "Reverse engineering and developing the controller of the Turla group's TinyTurla backdoor", the author first started from the TinyTurla back...
ObjDir – Rust Version
In the previous post, I’ve shown how to write a minimal, but functional, Projected File System provider using C++. I also semi-promised to write a ...
Apple Gets an ‘F’ for Slicing Apples
Background: I'm currently working on Volume II of the "The Art of Mac Malware" (TAOMM) series. This 2nd book is a comprehensive resour...
Exclusive Intelligence | Dissecting the Rhysida advanced ransomware gang
Intelligence analysis indicates that Vice Society may be the predecessor of the Rhysida advanced ransomware group, because the profiles of the two groups' attack arsenals share many similarities and their timelines line up closely. Currently, in what the Rhysida group uses for...
Turla Leverages ‘Pelmeni Wrapper’ for Stealthy Kazuar Backdoor Delivery
Research from Lab52 has uncovered a recent Turla campaign exhibiting novel tactics and a customized variant of the Kazuar trojan. This analysis off...