HackDig : Dig high-quality web security articles for hacker

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:277 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

The Day MegaCortex Ransomware Mayhem Was Averted

Averting cyberattacks planned out by aggressive threat actors is no easy feat for any organization, and much less for incident response (IR) teams who are usually called in after the attack has caused damage. IBM X-Force Incident Response and Intelligence Services (IRIS) analysts know this firsthand. The problem with this approach is that when an attack is a
Publish At:2019-10-18 10:20 | Read:272 | Comments:0 | Tags:Incident Response Malware Security Intelligence & Analytics

Bad Rabbit: A New Ransomware Campaign Rapidly Spreading Worldwide

October 24, Bad Rabbit is spreading in the wild. In October 2017, a new massive ransomware campaign rapidly spread across Europe; the malware, dubbed Bad Rabbit, infected the systems of more than 200 major organizations, mostly in Russia, Ukraine, Germany, Japan, and Turkey, within a few hours. The Bad Rabbit ransomware compromised systems at several big Russ
Publish At:2017-10-27 13:35 | Read:2917 | Comments:0 | Tags:Malware Analysis

CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware

The CSE CybSec Z-Lab Malware Lab analyzed the Hospitality malware used by the Russian APT28 group to target hotels in several European countries. The Russian hacker group APT28, also known as Sofacy or Fancy Bear, is believed to be behind a series of attacks last July against travelers staying in hotels in Europe and the Middle East. This attack is performed
Publish At:2017-10-05 17:05 | Read:3777 | Comments:0 | Tags:APT Breaking News Cyber warfare Malware APT28 cyber espionag

POS Malware Breach Sees Payment Cards Hit Underground Shops

News about POS malware breaches affecting two retailers hit the headlines last week, this time featuring a fast-food restaurant chain in the U.S. that operates around 3,500 locations across the country, most of which are franchised, and a popular supermarket. Both entities, like others before them, were notified of suspicious activity by a third-party servic
Publish At:2017-10-04 03:05 | Read:6014 | Comments:0 | Tags:Data Protection Fraud Protection Malware Retail Threat Intel

CSE CybSec ZLAB Malware Analysis Report: Petya

I’m proud to share with you the second report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report Petya. CybSec Enterprise recently launched a malware Lab called Z-Lab, which is composed of a group of skilled researchers and led by Eng. Antonio Pirozzi. It’s a pleasure for me to share with you the
Publish At:2017-09-23 09:15 | Read:2911 | Comments:0 | Tags:Breaking News Malware malware Malware Analysis Petya ransomw

CSE CybSec ZLAB Malware Analysis Report: NotPetya

I’m proud to share with you the first report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report NotPetya. As most of you already know I have officially presented my new Co a couple of months ago, CybSec Enterprise is its name and we already started to work on strategic projects that we will reveal soon R
Publish At:2017-09-18 18:30 | Read:3811 | Comments:0 | Tags:Breaking News Malware Reports malware Malware Analysis notpe

Just a Passing Fad? Fidget Spinners and the Malware Sandbox

This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the same disd
Publish At:2017-08-29 10:15 | Read:2915 | Comments:0 | Tags:Malware Threat Intelligence Advanced Malware Behavioral Anal

Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code

The continuous advancement and sophistication of cyberthreats has gradually eroded the adequacy of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world
Publish At:2017-08-28 12:55 | Read:3658 | Comments:0 | Tags:Incident Response Malware Malware Analysis Sandbox Sandboxin

Hello, My Name Is Space Rogue

IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent. Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym. The
Publish At:2017-07-28 03:30 | Read:7498 | Comments:0 | Tags:Application Security Security Services X-Force Research IBM

Petya Ransomware Initial Analysis

The document below is an initial level analysis of the recent Petya Ransomware (2017). We will also discuss an analysis of a dll variant of the ransomware. Ransomware Objective: Encrypt the target machine and ask for ransom (in Bitcoins) to decrypt it. Analysis Objective: First, this document does not contain all of the indicators but will explain the spec
Publish At:2017-07-27 00:15 | Read:3081 | Comments:0 | Tags:Malware Analysis

Vault 7 Data Leak: Analyzing the CIA files

Digging the Vault 7 dumps. In a first post on the Vault7 dump, we analyzed the information contained in files leaked by Wikileaks and allegedly originating from a network of the U.S. Central Intelligence Agency (CIA). At the time, we analyzed the following CIA projects: The Year Zero that revealed CIA hacking exploits for hardware and software. The Dark Mat
Publish At:2017-07-20 20:35 | Read:4229 | Comments:0 | Tags:Malware Analysis

The Limits of Linguistic Analysis for Security Attribution

Everyone wants to know who was behind the latest audacious cyberattack. Security professionals have long attempted to identify threat actors through linguistic analysis, but this method is limited when it comes to attribution. Part of the problem is that cybercriminals purposely build deception mechanisms into their code. “Deception is always a major
Publish At:2017-07-14 17:35 | Read:2531 | Comments:0 | Tags:Network Risk Management Malware Malware Analysis Programming

Which Malware are Specifically Designed to Target ICS Systems?

Introduction – ICS malware, a rarity in the threat landscape. At the end of May, security experts discovered a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0. The flaw was promptly fixed by the maintainers of the project. The vulnerability, tracked as CVE-2017-7494, can be exploited by an
Publish At:2017-06-20 22:20 | Read:5897 | Comments:0 | Tags:Malware Analysis

More Bypassing of Malware Anti-Analysis Techniques

For the last few articles, we have seen how malware employs some anti-analysis techniques and how we can bypass those techniques. Now, let’s raise the bar a bit more and look at more advanced anti-analysis techniques. In this article, we will look at how we can reach the Original Entry Point of a packed Exe and then how malware can trick to overr
Publish At:2017-06-14 00:35 | Read:2643 | Comments:0 | Tags:Malware Analysis
