Some stuff about security..

DISCLAIMER: This blog is a set of personal notes I have decided to make public. Please, ignore any typo or language error

Saturday, November 24, 2018

Hunting malware in memory. A Gozi case.

Some of the actors using Gozi / Ursnif take advantage of compromised emails (BEC) to deliver weaponised Microsoft Office documents. This is...

Monday, August 6, 2018

Gozi malspam campaign mimicking Swisscom on 30th July 2018

A few days ago GovCERT.ch informed via Twitter about a malspam campaign mimicking Swisscom invoices. The malware delivered in the la...

Thursday, May 10, 2018

qthelegend: the new Qrypter for Adwind

Since last December, when I blogged the first time about Qrypter, I've been tracking Adwind malware using this service. @abuse.ch ...

Thursday, March 15, 2018

Inside Qarallax / Adwind / Qrypter leading to Tesla / HawkEye (part 1)

A few months ago I wrote about some Java RAT named QRypter (aka QRat or Qarallax) which is basically Adwind with some layers of obfuscation...

Saturday, March 3, 2018

The strange case of Adwind embedded in a MS-DOS file

A few days ago there was a malspam campaign mimicking one bank and delivering a PDF file and some DOC files exploiting CVE-2017-11882 ...