HackDig : Dig high-quality web security articles for hacker

Titanium: the Platinum group strikes again

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The ma
Publish At:2019-11-12 01:05 | Read:272 | Comments:0 | Tags:APT reports Featured Backdoor fileless malware Malware Descr

Dridex: A History of Evolution

The Dridex banking Trojan, which has become a major financial cyberthreat in the past years (in 2015, the damage done by the Trojan was estimated at over $40 million), stands apart from other malware because it has continually evolved and become more sophisticated since it made its first appearance in 2011. Dridex has been able to escape justice for so long
Publish At:2017-05-25 13:15 | Read:4230 | Comments:0 | Tags:Analysis Publications Botnets Financial malware Malware Desc

Use of DNS Tunneling for C&C Communications

– Say my name. –! – You are goddamn right. Network communication is a key function for any malicious program. Yes, there are exceptions, such as cryptors and ransomware Trojans that can do their job just fine without using the Internet. However, they also require their victims to establish contact with the threat actor so they can
Publish At:2017-04-28 13:40 | Read:3420 | Comments:0 | Tags:Blog Research Backdoor DNS Malware Descriptions Malware Tech

Hajime, the mysterious evolving botnet

Introduction Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose
Publish At:2017-04-25 12:00 | Read:7198 | Comments:0 | Tags:Blog Featured Research Botnets honeypot Internet of Things M

Old Malware Tricks To Bypass Detection in the Age of Big Data

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a PDB string inside the file: “C:\Users\123\documents\visual studio 2010\Projects\xxmm2\Release\test2.pdb”. We came across an u
Publish At:2017-04-16 11:45 | Read:3348 | Comments:0 | Tags:Blog Research APT Cyber espionage Malware Descriptions Malwa

The security is still secure

Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users’ computers and circumvent installed security solutions. The list of compromised security products includes dozens of vendors and relates to the whole cybersecurity industry. The published re
Publish At:2017-04-16 11:45 | Read:3916 | Comments:0 | Tags:Blog Opinions Antivirus Technologies Antivirus Vulnerabiliti

Malicious code and the Windows integrity mechanism

Introduction Ask any expert who analyzes malicious code for Windows which system privileges malware works with and wants to acquire and, without a second thought, they’ll tell you: “Administrator rights”. Are there any studies to back this up? Unfortunately, I was unable to find any coherent analysis on the subject; however, it is never too
Publish At:2016-11-28 09:20 | Read:4082 | Comments:0 | Tags:Blog Software Malware Technologies Microsoft Windows Securit

Kaspersky Security Bulletin. Predictions for 2017

Yet another year has flown past and, as far as notable infosec happenings are concerned, this is one for the history books. Drama, intrigue and exploits have plagued 2016 and, as we take stock of some of the more noteworthy stories, we once again cast our gaze forward to glean the shapes of the 2017 threat landscape. Rather than thinly
Publish At:2016-11-16 07:10 | Read:4439 | Comments:0 | Tags:Analysis Featured Kaspersky Security Bulletin APT Cybercrime

Inside the Gootkit C&C server

The Gootkit bot is one of those types of malicious program that rarely attracts much attention from researchers. The reason is its limited propagation and a lack of distinguishing features. There are some early instances, including on Securelist (here and here), where Gootkit is mentioned in online malware research as a component in bots and Trojans. However
Publish At:2016-11-12 08:35 | Read:3073 | Comments:0 | Tags:Blog Research Botnets Financial malware Malware Technologies

Lurk Banker Trojan: Exclusively for Russia

One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don
Publish At:2016-06-10 11:50 | Read:3611 | Comments:0 | Tags:Blog Featured Research Banking Trojan Internet Banking Malwa

Locky: the encryptor taking the world by storm

In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world. Analysis of the s
Publish At:2016-04-06 09:20 | Read:5456 | Comments:0 | Tags:Blog Featured Research Macros Malware Descriptions Malware T

Kaspersky Security Bulletin 2015. Overall statistics for 2015

The year in figures. In 2015, there were 1,966,324 registered notifications about attempted malware infections that aimed to steal mon
Publish At:2015-12-15 10:40 | Read:6585 | Comments:0 | Tags:Analysis Featured Kaspersky Security Bulletin Financial malw

Kaspersky Security Bulletin 2015. Top security stories

Targeted attacks and malware campaigns. Targeted attacks are now an established part of the threat landscape, so it’s no surprise to see such attacks feature in our yearly review. Last year, in our security forecast, we outlined what we saw as the likely future APT developments. The merger of cybercrime an
Publish At:2015-12-03 09:20 | Read:3953 | Comments:0 | Tags:Analysis Featured Kaspersky Security Bulletin APT Cybercrime

Coinvault, are we reaching the end of the nightmare?

A day after we published our No Ransom Campaign decryptor in the fight against the CoinVault ransomware, we were contacted by a fellow researcher from Panda, Bart Blaze. He kindly suggested that new variants of this dreadful ransomware were available and that he would happily share them with us. After obtaining the new MD5 hashes for the files, we set out t
Publish At:2015-09-17 00:30 | Read:4897 | Comments:0 | Tags:Blog Research Encryption Malware Technologies Ransomware

The Shade Encryptor: a Double Threat

A family of ransomware Trojans that encrypts files and adds the extensions “.xtbl” and “.ytbl” emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors in Russia (along with Trojan-Ransom.Win32.Cryakl and Trojan-Ransom.BAT.Scatter). This threat has been assigned the verdict Trojan-
Publish At:2015-09-14 15:40 | Read:4406 | Comments:0 | Tags:Analysis Publications Malicious spam Malware Descriptions Ma
