Today I’d like to share another interesting analysis made by my colleagues and me. It is an interesting one since the campaign targeted many Italian and European companies. Fortunately the attacker left LOG.TXT freely available on the dropping URL, letting us learn the IP addresses that clicked on the first stage analysed […] Read more: "DMOSK Malware Targeting Italian Companies"
Today I’d like to share an interesting (at least to me) analysis of a given sample. I have called this sample MalHide, but you will see why only at the end of my post :D. I believe this is a quite interesting piece of malware since it first implements several obfuscation stages using different obfuscation techniques […] Read more: "MalHide: an interesting Malware sample"
Nowadays it is hard to give strong definitions of the differences between Security Operation Centers (SOC), Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT), since the terms are widely used in many organisations for very close and similar tasks. Robin Ruefle (2007), in her paper titled “Defining Computer Security Incident Response […] Read more: "CERTs, CSIRTs and SOCs after 10 years from definitions"
On January 18 a colleague of mine (Luca) called me to tell me that a malicious email was targeting Italian companies. This was the beginning of a new analysis adventure that Luca and I ran together. The email pretended to be sent by “Ministero dell’Economia e delle Finanze”, the Italian Ministry of Economy and Finance, and it had a […] Read more: "Huge Botnet Attacking Italian Companies"
Attack attribution is always very hard work. False flags, code reuse and spaghetti code make it impossible to assert “This attack belongs to X”. Indeed, nowadays it makes more sense to talk about attribution probability rather than attribution by itself: “This attack belongs to X with 65% attribution probability” would be a correct sentence. I […] Read more: "Info Stealing: a new operation in the wild"
Hi folks, today I’d like to share a nice trick to unprotect password-protected VB scripts in Office files. Nowadays it is easy to find malicious content wrapped in OLE files, since that file format has the capability to link objects into documents and vice versa. An object could be a simple external link, a […] Read more: "Unprotecting VBS Password Protected Office Files"