Some stuff about security..

DISCLAIMER: This blog is a set of personal notes I have decided to make public. Please, ignore any typo or language error

Sunday, January 27, 2019

Fudcrypt: the service to crypt Java RAT through VBS scripts and Houdini malware

The existence of services to encrypt and obfuscate malware in order to avoid antivirus detection is nothing new at all. In this blog I wrote...
Monday, December 31, 2018

Knowing your adversaries and their TTPs. The Gozi case

Gozi (aka Ursnif), like many other financial malware families, is used by several different actors operating worldwide. On a daily basis I see Gozi ca...
Saturday, November 24, 2018

Hunting malware in memory. A Gozi case.

Some of the actors using Gozi / Ursnif take advantage of compromised emails (BEC) to deliver weaponised Microsoft Office documents. This is...
Monday, August 6, 2018

Gozi malspam campaign mimicking Swisscom on 30th July 2018

A few days ago GovCERT.ch reported via Twitter on a malspam campaign mimicking Swisscom invoices. The malware delivered in the la...
Thursday, May 10, 2018

qthelegend: the new Qrypter for Adwind

Since last December, when I blogged the first time about Qrypter, I've been tracking Adwind malware using this service. @abuse.ch ...
Thursday, March 15, 2018

Inside Qarallax / Adwind / Qrypter leading to Tesla / HawkEye (part 1)

A few months ago I wrote about a Java RAT named QRypter (aka QRat or Qarallax), which is basically Adwind with some layers of obfuscation...