"Malware Training Sets: FollowUP"
In 2016 I was working hard to find a way to classify malware families through artificial intelligence (machine learning). One of the first difficulties I met was finding a classified testing set in order to run new algorithms and to test specific features. So, I came up with this blog post and this GitHub […]
"APT34: Glimpse project"
The APT34 Glimpse project is perhaps the most complete APT34 project known so far. Indeed, we can observe a file-based command and control structure (quite an unusual solution), a VBS launcher, a PowerShell payload and a DNS covert-channel engine. This last feature is the most appreciated characteristic attributed to APT34. But let's move […]
"APT34: webmask project"
Today I'd like to share a quick analysis of the webmask project behind the DNS attacks implemented by APT34. Thanks to the leaked source code, it is now possible to check APT34's implementations and techniques. Context: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the […]