Discover and read the best of Twitter Threads about #malware

Most recents (24)

Daily Bookmarks to GAVNet 01/22/2022 greeneracresvaluenetwork.wordpress.com/2022/01/22/dai…
Trump Backs Boosters. Clearly, Someone Did the Math for Him. | by Donald G. McNeil Jr. | Jan, 2022 | Medium

donaldgmcneiljr1954.medium.com/trump-backs-bo…

#PartisanPolitics, #VaccinationBoosters, #PoliticalEndorsement, #SwingStates
The Complex Alternative: Complexity Scientists on the COVID-19 Pandemic — SFI Press

sfipress.org/books/the-comp…

#ComplexityScience, #BookReview, #SantaFeInstitute, #COVID19, #SocialCommentary
Read 20 tweets
#ESETresearch investigated Donot Team’s (also known as APT-C-35 and SectorE02) #cyberespionage campaigns targeting military organizations, governments, Ministries of Foreign Affairs, and embassies of countries in South Asia. welivesecurity.com/2022/01/18/don… 1/5
A recent report by #Amnesty International links the group’s malware to an Indian cybersecurity company that be selling the spyware to entities in the region. 2/5
ESET’s investigation spans from September 2020 to October 2021 and details variants of the yty malware framework used to target entities in Bangladesh 🇧🇩, Sri-Lanka 🇱🇰, Pakistan 🇵🇰 and Nepal 🇳🇵. But also embassies in the Middle East, Europe, North and South America. 3/5
Read 5 tweets
1/ I never publicly talked about this because I didn’t want to be the one to seed bad ideas but now it’s been done. Due to the very broad attack surface of #Ethereum VM & solidity language it is very much possible to add #malware & #ransomeware to #NFT’s & smart contracts.
2/ This is one of the many reasons Satoshi removed many OP_CODEs originally added to #Bitcoin. Its also a reason we limited the initial release of #DigiByte #DigiAssets. Its a very real problem that will continue to grow as ecosystem grows.
3/ The truly terrifying part is not only can someone send you a booby trapped #NFT or #SmartContract that once you interact with can do any unknown number of things. But it can theoretically be done without your involvement.
Read 5 tweets
RE tip of the day: IDA Freeware is shipped without FLIRT sigs for Delphi but you can use a great tool called IDR to extract sample's symbols, export them as IDC and use it (or part of it like MakeNameEx-based values) in IDA
#infosec #cybersecurity #malware github.com/crypto2011/IDR
The precompiled binaries for IDR can be found here: github.com/huettenhain/dh…
NB: always make a copy of your IDB first before applying any IDC scripts!
Read 3 tweets
[New Paper] How Antiviruses really work? How do they really detect #malware? Do they still use signatures? (A thread) Thanks to all of my coauthors (some on twitter @fabriciojoc @abedgregio @pgeus)
Publisher: sciencedirect.com/science/articl…
Archived: secret.inf.ufpr.br/papers/marcus_…
In this study, I analyze almost all aspects of an AV operation to understand how they really work. Important to say that this is not exactly a reverse engineering work from the sense of digging into all details of all components.
I did not perform any decompilation to not violate copyright, so all my analyses are from an inspection of dropped files perspective, as any skilled user could do to understand what runs in their own computers.
Read 62 tweets
#ESETresearch analyzed #FontOnLake, a previously unknown #malware family that utilizes custom and well-designed modules, targeting #Linux systems.
welivesecurity.com/2021/10/07/fon…
@HrckaVladislav 1/6
Modules are under development and provide #remoteaccess to the operators, collect credentials + serve as a proxy server. To do this, #FontOnLake uses modified legitimate binaries adjusted to load further components, its presence is always accompanied by a #rootkit. 2/6
The sneaky nature of #FontOnLake tools, along with advanced design and low prevalence suggest usage in targeted attacks. #ESETresearch believes its operators are extra cautious as almost all samples seen use unique C&C servers with varying non-standard ports. 3/6
Read 6 tweets
How to check iOS devices for signs of CVE-2021-30860 / FORCEDENTRY exploitation (for context, see @citizenlab's 13.09.2021 blog). #nso #pegasus #malware #ios
Make an unencrypted iTunes backup, or use MVT (docs.mvt.re/en/latest/inde…) to decrypt an encrypted one. You can also check older backups, if you have them. (it's a good idea to make regular iTunes backups for all your devices, precisely for this reason)
Use DB Browser for SQLite (see sqlitebrowser.org) to open Manifest.db, in the root folder of the iTunes backup. Make sure you open it read-only - "File -> Open Database Read Only".
Read 8 tweets
Recently I've been looking into #Pegasus #Malware and found myself in a rather unique threat intelligence position.

To talk about it, here's...
a Thread 🧵
a Blog 📖
and a Video 🎥

👇
In July 2021 @FbdnStories produced an astounding collection of articles highlighting NSO Group's Pegasus malware and its apparent misuse throughout Governments across the globe. @amnesty wrote about Pegasus in 2016 where a prominent human-rights activist was targeted...
Back in 2016 the vehicle to infect an iPhone with Pegasus was the #trident suite of vulnerabilities. In 2021, a vuln known as #megalodon was being used, a zero-day in iMessage which required zero user-interaction...
Read 11 tweets
In light of the recent #SupplyChain attack on @KaseyaCorp by #REvil, it is worth paying attention to decoder[.]re included within the ransom notes, used additionally to 'mirror' in TOR network. #Ransomware #Cybersecurity #ThreatIntel #ThreatHunting #Malware Image
Similar to decryptor[.]cc and decryptor[.]top in previous #REvil/#Sodinokibi versions, decoder[.]re is used to grant the victims access to the threat actors WEB-site for further negotiations should their connection be limited via #TOR. Image
To access the page in WWW or TOR - the victim needs to provide a valid UID (e.g. "9343467A488841AC") ImageImage
Read 11 tweets
Daily Bookmarks to GAVNet 05/22/2021 greeneracresvaluenetwork.wordpress.com/2021/05/22/dai…
A Scratched Hint of Ancient Ties Stirs National Furies in Europe

nytimes.com/2021/05/16/wor…

#archaeology #europe #runes #slavic #nativism #nationalism #debate
Zoltan On The Coming QE Endgame: "Banks Have No More Space For Reserves"

zerohedge.com/markets/zoltan…

#banking #reserves #TheFed #FinancialSystem
Read 10 tweets
‘Tricks With a Notorious Russian Spy Group’

‘Security researchers have found links between the attackers and #Turla, a sophisticated team suspected of operating out of Moscow’s #FSB intelligence agency.’

#VenomousBear
#Snake
#malware
#UNC2452
#DarkHalo
wired.com/story/solarwin…
“…believe the SolarWinds #hackers and #Turla aren't one and the same. But … one #hacker group at the very least ‘inspired’ the other, and they may have common members between them or a shared #software developer building their #malware.”

wired.com/story/solarwin…
“… That actually makes the connection more significant … ‘It’s more like handwriting. That handwriting or style propagates to different projects written by the same person.'"

#Turla
wired.com/story/solarwin…
Read 16 tweets
Daily Bookmarks to GAVNet 05/06/2021 greeneracresvaluenetwork.wordpress.com/2021/05/06/dai…
Prior SARS-CoV-2 infection rescues B and T cell responses to variants after first vaccine dose

science.sciencemag.org/content/early/…

#COVID19 #variants #vaccines #immunity
Book Review: The Next Frontier of Warfare Is Online

undark.org/2021/04/30/boo…

#cyberattacks #malware #hacking #DigitalMarkets #StateSctors
Read 10 tweets
Schweizer Storenbauer #Griesser von #Ransomware Conti befallen

"Das Unternehmen musste IT-Systeme herunterfahren. Conti wird in APT-Kampagnen eingesetzt und versucht auch Daten zu entwenden." /1
inside-it.ch/de/post/schwei…
"Betroffen sind laut dem Communiqué die #Produktionsstätten im thurgauischen Aadorf sowie in Österreich und Frankreich. Griesser beschäftigt insgesamt 1300 Personen. Die Angreifer hätten die Schlüsselsysteme wie das #ERP ins Visier genommen..." /2
"Um eine Ausbreitung der #Malware zu vermeiden, habe eine IT-Taskforce die Systeme heruntergefahren...#Krisenstab habe zudem Schritte eingeleitet, um den Vorfall zu bearbeiten und schrittweise in der Normalbetrieb zurückzukehren. Am 19.4. will man so weit sein..." /3
Read 4 tweets
Schadsoftware-Bereinigung: #BKA nutzt #Emotet-Takedown als Türöffner für mehr Befugnisse und neue Gesetze

"#Bundeskriminalamt hat ein Schadsoftware-Update auf zehntausenden Windows-PCs weltweit installiert, um sie zu bereinigen..." /1

von @andre_meister
netzpolitik.org/2021/schadsoft…
"Experten kritisieren die konstruierte Rechtsgrundlage dieser brisanten Aktion. Der #BKA-Präsident fordert, das Gesetz an die Praxis anzupassen." /2
"Im @Bundestag gab #BKA-Präsident Holger Münch zu, dass es für eine komplette Bereinigung der Systeme keine #Rechtsgrundlage gibt und die Aktion an der Grenze des rechtlich Möglichen stattfand." /3
Read 25 tweets
This thread brings together all my #infographics until today (2years of work).

These are all infographics about #infosec 🔐

Feel free to share this tweet if you think it may be useful for your #community 📚

Follow me ➡ @SecurityGuill fore more about #security #hacking #news ImageImageImageImage
How does an #Antivirus works? Image
Quick presentation of the different #Bluetooth Hacking Techniques Image
Read 44 tweets
The most terrifying fact about trustless decentralized computing is the emergence of rogue AIs that you can't switch off. (/thread)
#Blockchains are a financial rail for autonomous agents. Rogue agents can self-fund, evolve, and slowly amass unbounded amounts of power.
Viruses and #malware have for decades been evolving sophisticated techniques to hide, spread, mutate, and evade.
Read 17 tweets
Let's walk through #malware de-obfuscation of a REvil PowerShell ransomware script in #CyberChef. The original can be found below if you want to play alone at home! hybrid-analysis.com/sample/e1e19d6…
Following my analysis, I realised there is an excellent write up of the same PowerShell on SANS here which is worth a read: isc.sans.edu/forums/diary/P… Thanks to @xme for saving me the detonation to learn its ransomware! 👍
Taking a scan we can see an AES decrypt function and blob of Base64 - likely what is to be decrypted. Later on we see our IV and Key variables references, also in Base64.
Read 13 tweets
#Sidewinder #APT

It seems that #Indian APTs have been raging war on #Pakistan with the same payloads over and over again. Meanwhile, Pakistani #Government and #Military is either helpless or over occupied. Following is another new sample that goes ages back.
A variant of this sample has attributed to #Sidewinder #APT by Govt. of Pak. The #malware is deployed using the shared image in a #phishing email using a similar methodology to that of Image
DOCX MD5: 2a6249bc69463921ada1e960e3eea589 Mech 8 ZIRC0N-TSIRK0N.doc
#Exploit: hashcheck[.]xyz/PY8997/yrql/plqs
RTF MD5: 7c11d5125c3fb167cca82ff8b539e3c7 plqs
#C2: sportfunk[.]xyz/topaz/foti
CVE-2017-11882 Image
Read 12 tweets
#DataPrivacyDay
Today on #DataPrivacyDay, @SFLCin is bringing you some tips and quick fixes to help protect your privacy online.
#DataPrivacyDay2021 #PrivacyAware #privacy #cybersafety #dataprivacy
We as a generation use #SocialMedia almost obsessively. Most of us have accounts on social media websites like #Facebook, #Instagram & #Twitter.
#SocialSecurity #cybersecuritytips #PrivacyAware
We also keep hearing about various #Hacking, #Phishing attempts and in times like these it is important to understand the basics of social media privacy settings to secure yourself from such attempts.
#PrivacyAware
Read 14 tweets
New backdoor dubbed WizardUpdate, delivered via .PKG file Notarized by @Apple 😟👾 The Apple Developer ID is: Fiona Torok (M9S7M3WX5P). The .PKG hash is: 47fea0cf1eb04b5b0d7aba8c93646d8b63aae11783f629405cb7f93134dd6f86 delivered through ITW Browser Push Notifications
.PKG have post/pre install scripts that downloads & execute a dummy WebView based app, browsing to get[.]adobe[.]com, the App is : ae0fac3473e2d29cc06e425dbe72801504a63fbbd92c0f5546f18304b09fc9b8 DLVPlayer.app/Contents/MacOS… signed by the same developer cert.
.PKG installer script also downloads the WizardUpdate backdoor that is executed every 3 hours via a Launch Agent. The archive of this backdoor is downloaded from cdnassets[.]dlvplayer[.]com
Read 8 tweets
🔥 #AdventOfReversing 1/24 🔥
Get dirty as soon as possible. Don't fall into thinking you are not ready. Sure, you will be confused by many things at first. That's fine! I used to confuse sections and segments when I started. Keep pushing, and things will become clear naturally.
🔥 #AdventOfReversing 2/24 🔥
Get used to (re)name *everything* in your disassembler. You might be able to mentally track data across registers and memory for small crackmes w/ easy control flow, but this does not scale at all. Unclutter your mind. Make your life easier.
🔥 #AdventOfReversing 3/24 🔥
You really want to have some programming foundations, but which languages? I mostly agree with this post by @MalwareTechBlog:

🐍 Python
🏗️ C
⚙️ ASM (different flavors: x86(-64) desktop, ARM mobile...)

Give it a read! 📰
malwaretech.com/2018/03/best-p…
Read 19 tweets
(THREAD): Did you find a #phishing page or a piece of #malware using @telegram for exfil? Here are some useful techniques to grab additional intel on these artifacts. @JCyberSec_ @sysgoblin @dave_daves @PhishKitTracker @urlscanio @nullcookies @ninoseki
1/9 Look for any strings or traffic that call out to api.telegram.org . If you see something like: 'api.telegram[.]org/bot12345:base64key/endpoint?chat_id=-12345', you're in business
Read 11 tweets
It’s our birthday! #CISAgov was established on November 16, 2018. From elections to COVID-19 to natural disasters and more, year two has been action-packed. Let’s take a trip down memory lane…
Informed by #cyber intelligence and real-world events, we issued several insight products, providing background on #cyber threats, #vulnerabilities, and mitigation activities: cisa.gov/insights #InfoSec
One key insight was in in January when we warned partners about potential Iranian retaliation against U.S. organizations—and advised them on how to assess and strengthen their physical & cyber security. This is the kind of rapid information-sharing we aim for! #InfoSecurity
Read 15 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!