Posts tagged Malware

2 min Malware

What Exactly is Duqu 2.0?

Overview: Duqu, a very complex and modular malware platform thought to have gone dark in late 2012, has made its appearance within the environment of Kaspersky Labs. [https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237] Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware represents a high level of sophistication, skill, funding and motivation seen by nation-sponsored actors. Infections related to this malware have reveale

9 min Malware

ByeBye Shell and the Targeting of Pakistan

Asia and South Asia are a theater for daily attacks and numerous ongoing espionage campaigns between neighboring countries, so many campaigns that it's hard to keep count. Recently I stumbled on yet another one, which appears to have been active since at least the beginning of the year, and seems mostly directed at Pakistani targets. In this article we're going to analyze the nature of the attacks, the functionality of the backdoor - here labelled as ByeBye Shell - and the quick interaction I h

15 min Malware

Skynet, a Tor-powered botnet straight from Reddit

While wandering through the dark alleys of the Internet we encountered an unusual malware artifact, something that we never observed before that gave us fun while we meticulously dissected it until late night. The more we spent time looking at it, the more it started to look unusually familiar. As a matter of fact it turned out being the exact same botnet that an audacious Reddit user of possible German origin named “throwaway236236” described in a very popular I Am A thread you can read here [

13 min Malware

Analysis of the FinFisher Lawful Interception Malware

It's all over the news once again: lawful interception malware discovered in the wild being used by government organizations for intelligence and surveillance activities. We saw it last year when the Chaos Computer Club unveiled a trojan being used by the federal government in Germany, WikiLeaks released a collection of related documents in the Spy Files, we read about an alleged offer from Gamma Group to provide the toolkit FinFisher to the Egyptian government, and we are reading once again now

4 min Malware

Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity

That's right, the much anticipated and long awaited 0.4 release is finally here! Just like divas arrive late at the gala, we took some more time than expected, but are now worthy of a triumphant entrance. If you're not familiar with Cuckoo Sandbox, it's an open source solution for automating malware analysis. What does that mean? Simply that you can throw any suspicious file at it and after a few seconds it will give you back detailed information on what that file does when executed inside a