HackDig: Dig high-quality web security articles for hackers

Simple DGA Spotted in a Malicious PowerShell

DGA (“Domain Generation Algorithm”) is a technique implemented in some malware families to defeat defenders and to make the generation of IOCs (and their usage, for example to implement blocklists) more difficult. When a piece of malware has to contact a C2 server, it uses domain names or IP addresses. Once the malicious code analyzed,
Publish At: 2020-07-14 19:32 | Read: 493 | Comments: 0 | Tags: Malware Security DGA

Research Spotlight: Learning Detectors of Malicious Network Traffic

This post was authored by Karel Bartos, Vojtech Franc, & Michal Sofka. Malware is constantly evolving and changing. One way to identify malware is by analyzing the communication that the malware performs on the network. Using machine learning, these traffic patterns can be utilized to identify malicious software. Machine learning faces two obstacles: obta
Publish At: 2015-09-03 14:25 | Read: 3629 | Comments: 0 | Tags: Threat Research dga machine learning Malware Analysis

CoreBot Malware Steals Credentials-For Now

A new piece of data-stealing malware has a real thirst for credentials—and the potential for worse trouble down the line. IBM today published a report on CoreBot, generic information-stealing malware designed with enough flexibility to soon ramp up its capabilities to exfiltrate data in real time. “CoreBot appears to be quite modular, which means that
Publish At: 2015-08-31 18:15 | Read: 50469 | Comments: 0 | Tags: Malware Web Security banking trojan CoreBot DGA domain gener

Research Spotlight: Detecting Algorithmically Generated Domains

This post was authored by Mahdi Namazifar and Yuxi Pan. Once a piece of malware has been successfully installed on a vulnerable system, one of the first orders of business is for the malware to reach out to the remote command-and-control (C&C) servers in order to receive further instructions, updates and/or to exfiltrate valuable user data. If the rendezvou
Publish At: 2015-08-08 22:35 | Read: 6435 | Comments: 0 | Tags: Threat Research dga Talos

Updated DGA Changer Malware Generates Fake Domain Stream

LAS VEGAS — The group behind the DGA Changer downloader has been pretty adept in modifying the malware to elude sandbox detection in particular. Researchers at Seculert today published a report on the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detects it’s being executed in a virtual machine, a hallma
Publish At: 2015-08-06 20:30 | Read: 3487 | Comments: 0 | Tags: Black Hat Malware Aviv Raff Black Hat 2015 botnet DGA DGA Ch

Matsnu Botnet DGA Discovers Power of Words

Domain generation algorithms have been botmasters’ favorite tool for keeping malware up and running—and for frustrating security researchers and detection technologies. Like malware, DGAs evolve, thus complicating an already tricky cat-and-mouse game between criminals and white hats.
Publish At: 2014-11-18 11:45 | Read: 3691 | Comments: 0 | Tags: Malware Web Security Aviv Raff backdoor Bayrob Botnets comma

Identifying Malware Traffic with Bro and the Collective Intelligence Framework (CIF)

By Ismael Valenzuela. In this post we will walk through some of the most effective techniques used to filter suspicious connections and investigate network data for traces of malware using Bro, some quick and dirty scripting and other freely available tools like CIF. This post doesn’t pretend to be a comprehensive introduction to Bro (check the references
Publish At: 2014-08-12 02:11 | Read: 7714 | Comments: 0 | Tags: BRO CIF DGA DNS forensics. malware Network OSINT packets pca