Ransomware are today very effective and they cause serious problems in many companies, we hear almost everyday entire businesses under ransom and companies who loose turnover and opportunities since have no available data to deal with. For such a reson I feel like I have to contribute in somehow to the community by giving what […]Read more "CONTI Ransomware: Cheat Sheet"
The ransomware builders remind me old times, where Nukes and Exploiters were freely available on the underground communities, when few clicks were enough to bypass many AV vendors and attackers were activists or single people challenging the system. Nowadays the way the “builders” are developed and the way the criminality is abusing them to generate […]Read more "Paradise Ransomware: The Builder"
On April 2021, one of the most known Ransomware Gang called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]Read more "Babuk Ransomware: The Builder"
Reverse Engineering is one of the most clear path to study Malware and Threat Attribution, by RE you are intimately observe in the developer mind figuring out techniques and, from time to time, even intents. My current role as a CEO of a mid-sized organization (thousands of people) tries to keep me away from RE, […]Read more "The Allegedly Ryuk Ransomware builder: #RyukJoke"
According to Lab Dookhtegan, which you migth remeber him/their from HERE, HERE and HERE, Binder is a project related to IRGC cyber espionage group build for trojenize google apps (APK). The application “trojenization” is a well-known process which takes as input a good APK and a code to inject (a RAT, for example). The system […]Read more "MuddyWater: Binder Project (Part 1)"
After serveral months (actually 15) from the Cybersecurity Observatory launch (you can find it HERE) I experienced a huge increment of classified Malware from the end of January 2021. The following picture shows how the average samples frequency is just more than twice if compared to the beginning of the month and to the past […]Read more "Malware Family Surface 2021 (Q1)"
Today Yoroi released its last cybersecurity report (available HERE). Following I am copying one of its chapters to give you a little flawor about what you can get for free by downloading it ! Hope you might like its contents. The volume of the malicious code produced and disseminated in the wild is constantly increasing. […]Read more "0-Day Malware (2020)"
Detection is a key point in threat hunting. During the past few weeks, stright in the middle of the winter “holidays” (well, maybe if you live in a place where no COVID-19 lockdown was involved), many people re/started a studying program on cybersecurity. Some of them wrote to me asking if there is a way […]Read more "C2 Traffic Patterns: Personal Notes"
Once upon a time the Malware, the main actor in the entire infection chain. A single file, once executed it was able to perform the tasks it was designed for, forcing the target machine into victim by taking control or simply execuritying desired (sometime priviledged) commands. In 2010, during my PhD studies, I was already […]Read more "Malware Delivery Platforms in 2020"
If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually re-implementation) of a third party website built to lure your victim. Initially attackers use a phishing builder to […]Read more "Introducing PhishingKitTracker"