Reverse Engineering and Malware Analysis
LockBit Ransomware Distributed via Word Files Disguised as Resumes
AhnLab SEcurity intelligence Center (ASEC) has identified that LockBit ransomware is being distributed via Word files since last month. A notable p...
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
Over the years, TAG has analyzed a range of persistent threats including COLDRIVER (also known as UNC4057, Star Blizzard and Callisto), a Russian t...
Atomic Stealer rings in the new year with updated version
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users...
Known Indicators of Compromise Associated with Androxgh0st Malware
SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cyb...
AN INTRODUCTION TO REVERSE ENGINEERING .NET AOT APPLICATIONS
About a month ago, we started seeing reports on activities from DuckTail, a cybercrime outfit reportedly based in Vietnam. Detonating one of the s...
Hikari Source Code Analysis – AntiHook
1. Implementation principle: this pass mainly provides three major functions: inline hook detection, runtime protection, and prevention of attacks that rely on symbol rebinding. 1. Detecting and interrupting potential inline hooks: by analyzing the target program's...
Paper Recommendation | Using the Large Language Model GPT-4 to Assist Dynamic Malware Analysis
2023 was the inaugural year of large language model development: many large language models emerged, and generative conversational models led by ChatGPT have become a research hotspot in the field of artificial intelligence, driving the continuous advancement of natural language processing technology. ...
A Study of the Custom LuaJIT Bytecode of a Mobile Game
Situation study: first, this is a traditional Unity mobile game, so the earlier stages are skipped here. Libraries such as libtersafe, libbugly and libcri_ware are old acquaintances and are skipped as well. Unity's lua ...
Debugging in Practice | Finding the Thrown Exception in a Dump File
1. Theory. Origin: recently, while analyzing a dump file, I encountered an exception raised by throw. Although using !analyze -v in WinDbg quickly revealed that the exception code was 0xe06d7363 (the corresponding ASCII is .msc), ...
Ransomware Hidden Inside a Keygen, Collecting Payments via Domestic Payment QR Codes
Report number: CERT-R-2024-652 Report source: 360 Advanced Threat Research and Analysis Center Report author: 360 Advanced Threat Research and Analysis Center Updated: 2024-01-19 1 ...