• ExelaStealer Delivered "From Russia With Love", (Fri, Jul 26th)

    Updated: 2024-07-26 11:51:44
    Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65):

  • ISC Stormcast For Friday, July 26th, 2024 https://isc.sans.edu/podcastdetail/9070, (Fri, Jul 26th)

    Updated: 2024-07-26 02:00:02

  • XWorm Hidden With Process Hollowing, (Thu, Jul 25th)

    Updated: 2024-07-25 07:21:58
    XWorm Hidden With Process Hollowing. Published 2024-07-25, last updated 2024-07-25 07:21:58 UTC, by Xavier Mertens. XWorm is not a brand-new malware family [1]. It's a common RAT (Remote Access Tool) re-used regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique [2]. The sample is called Norman_is_back_RPE_v1.exe (SHA256: dc406d626a9aac5bb918abf0799fa91ba6239fc426324fd8c063cc0fcb3b5428). It's a .Net executable that is, strangely, not obfuscated. It's possible to disassemble it with ilspycmd:
    remnux@remnux:/MalwareZoo/20240723$ ilspycmd Norman_is_back_RPE_v1.exe

  • ISC Stormcast For Thursday, July 25th, 2024 https://isc.sans.edu/podcastdetail/9068, (Thu, Jul 25th)

    Updated: 2024-07-25 02:00:02

  • "Mouse Logger" Malicious Python Script, (Wed, Jul 24th)

    Updated: 2024-07-24 06:45:59
    Keylogging is a pretty common feature of many malware families because recording the keys pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. Back from SANSFIRE, I looked at my backlog of hunting results and found an interesting piece of Python malware. This one implements a keylogger and a screenshot grabber but also... a "mouse logger"! By mouse logger, I mean that it can collect activity generated by the user's mouse.

  • ISC Stormcast For Wednesday, July 24th, 2024 https://isc.sans.edu/podcastdetail/9066, (Wed, Jul 24th)

    Updated: 2024-07-24 02:00:02

  • New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd)

    Updated: 2024-07-23 15:46:51
    In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, CVE-2024-3273, was exploited soon after it became public. Many of the affected devices are no longer supported.

  • ISC Stormcast For Tuesday, July 23rd, 2024 https://isc.sans.edu/podcastdetail/9064, (Tue, Jul 23rd)

    Updated: 2024-07-23 02:00:02

  • ISC Stormcast For Monday, July 22nd, 2024 https://isc.sans.edu/podcastdetail/9062, (Mon, Jul 22nd)

    Updated: 2024-07-22 02:00:02
    Last Friday, CrowdStrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend remediating the issue.
