Reverse Engineering and Malware Analysis
Keyhole reverse analysis
Keyhole is a multi-purpose VNC/Backconnect component widely used by IcedID/Anubis. Although the malware contains functionality previously reported as typical VNC and HDESK features, some of the extended functionality now present...
New in Python 3.10: clever use of Structural Pattern Matching in reverse engineering VM-based challenges
1. Preface This technique was first used in the 2022 GoogleCTF eldar challenge, in the writeup by hgarrereyn of the DiceGang team: https://ctf.harrisongreen.me/2022/googlectf/eldar/. It was also used...
Binary type inference in Ghidra
Trail of Bits is releasing BTIGhidra, a Ghidra extension that helps reverse engineers by inferring type information from binaries. The analysis is ...
GitGot: GitHub leveraged by cybercriminals to store stolen data
ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverages GitHub to store stolen Base6...
Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
Executive summary The Akamai Security Intelligence Group (SIG) has uncovered details about a new variant of the FritzFrog botnet, ...
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providi...
Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
Summary A financially motivated threat actor is targeting Mexican banks and cryptocurrency trading entities with custom packaged installers deliver...
Trigona Ransomware Threat Actor Uses Mimic Ransomware
AhnLab SEcurity intelligence Center (ASEC) has recently identified a new activity of the Trigona ransomware threat actor installing Mimic ransomwar...
Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey)
1. Overview The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea...
天问 | PyPI Trojan horse
At the beginning of February 2024, the 天问 Python supply-chain threat monitoring module found that attackers had started exploiting the fact that a Python package's name and its module name need not match, adding commonly used modules such as requests to their packages. The newly added module will...