malware

The Rising of Protestware During Times of War

November 20, 2023November 20, 2023

In the ever-evolving landscape of cybersecurity threats, a disconcerting phenomenon has emerged, challenging the conventional notions of malicious software. Enter “protestware” — a term that sends shivers down the spines of cybersecurity experts and individuals alike. Unlike traditional malware, protestware isn’t designed with the sole purpose of exploiting vulnerabilities or stealing sensitive information. Instead, it […]

Malware Persistence Locations: Windows and Linux

September 23, 2023September 23, 2023

Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, […]

Polymorphic Malware Using #AI

May 25, 2023May 25, 2023

In the ever-evolving landscape of cybersecurity, malicious actors constantly seek new ways to infiltrate computer systems, wreak havoc, and exploit vulnerabilities. One of their most insidious tools is polymorphic malware, a shape-shifting threat that challenges traditional defense mechanisms and poses a formidable challenge to organizations and individuals alike. In this blog post I will investigate […]

Reversing Emotet Dropping Javascript

March 22, 2023March 22, 2023

Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks. […]

Malware Families CheatSheet

March 2, 2023March 2, 2023

During talks and presentations people often ask me how do I remember so many names, different “artifacts” (a.k.a Malware) and groups. I actually ended up with a “hemmm … well… actually I just remember them since I read and write a lot about cyber threats”. So here it comes the Malware Family CheatSheet. This work […]

Onenote Malware: Classification and Personal Notes

February 4, 2023February 4, 2023

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side – so nothing really relevant to write on – the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it […]

Is Hagga Threat Actor (ab)using FSociety framework ?

November 21, 2022November 21, 2022

Introduction Today I’d like to share a quick analysis initiated during a threat hunting process. The first observable was found during hunting process over OSINT sources, the entire infrastructure was still up and running during the analyses as well as malicious payload were downloadable. Analysis My first observable was a zipped text file compressing a […]

Windows System Calls For Hunters

August 23, 2022August 23, 2022

Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad. For example the system call “encrypt” could be used by a privacy oriented software to encrypt content before shipping-it to a cloud storage or it could […]

Cyber Threats Tracker: Status Update

June 22, 2022June 22, 2022

Today a simple update from my Cyber Threats Observatory (available HERE). Six months of this crazy year are over and it’s time to check some cyber threats trends. Once upon a time there was Emotet. It was on the TOP 5 on every ranking list, it reached the 5th epoch and it was able to […]

A Malware Analysis in RU-AU conflict

May 10, 2022May 10, 2022

Introduction We are living difficult times. From pandemic to Russia-Ukraine war. I was tempt to let a white post for remembering such a devastating times in my personal web corner, but I came out with the idea to remember these times by analyzing an involved sample in current cyber-conflicts. I start looking for Malware and […]