On-Chain Tracking: An Introduction to Coin-Laundering Methods on TRON
By: Lisa@SlowMist AML Team. Today we continue our on-chain tracking explainer series. As everyone knows, on BTC you can mix coins through wallets such as Wasabi, and on Ethereum through Tornado.Cash ...
Analysis of the "8220" Mining Group's Activity
01 Overview: Since January 2022, Antiy CERT has captured multiple batches of attack samples from the "8220" mining group. The group first appeared in 2017, has remained continuously active, and targets both Windows and...
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
In a previous blog we gave a high-level overview of Industroyer2, the latest tool that advanced persistent threat (APT) group Sandworm used...
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Mandiant has gathered sufficient evidence to assess that the activity tracked as UNC2452, the group name used to track the SolarWinds compromise in...
Word Documents on Diplomatic/Security Topics Being Distributed
The ASEC analysis team has confirmed that malicious Word documents with North Korea-related filenames continue to be distributed. [Figure 1] 220426-북한의 외교정책과 우리의 대응방향(정** (North Korea's Foreign Policy and Our Response Direction)...
"海黄蜂" (Sea Wasp): In-Depth Analysis of Data-Theft Activity Targeting China's Emerging Technology Companies
For more security news and analysis, follow the Venustech ADLab WeChat account and official website (adlab.venustech.com.cn). 1. Overview: In recent months, Venustech ADLab has noticed multiple incidents in which the sender was disguised as...
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently discovered a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). Based on our analysis...
In-Depth | Analysis of the Latest Windows Event Viewer .NET Deserialization Vulnerability
0x01 Vulnerability Background: On April 26, @Orange Tsai posted on Twitter about a deserialization vulnerability in Windows Event Viewer that can be used to bypass Windows Defender, bypass UAC, and in other attack scenarios...
Lazarus Arsenal Update: Analysis of Recent Andariel Attack Samples
Overview: The Andariel group has been attributed by the Korean Financial Security Institute as a subgroup of the Lazarus APT. The group mainly attacks South Korean organizations, particularly fin...
(RV34X, 160, 260) Multi-Vulnerability Attack Chain Research
Vulnerability introduction: At the Austin Pwn2Own competition in November 2021, attackers discovered and exploited multiple vulnerabilities in the RV34X router, chaining them together to achieve authentication bypass, privilege escalation, command...