Polymorphic Malware Using #AI

In the ever-evolving landscape of cybersecurity, malicious actors constantly seek new ways to infiltrate computer systems, wreak havoc, and exploit vulnerabilities. One of their most insidious tools is polymorphic malware, a shape-shifting threat that challenges traditional defense mechanisms and poses a formidable challenge to organizations and individuals alike. In this blog post I will investigate […]

Read more "Polymorphic Malware Using #AI"

Onenote Malware: Classification and Personal Notes

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side – so nothing really relevant to write on – the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it […]

Read more "Onenote Malware: Classification and Personal Notes"

Is Hagga Threat Actor (ab)using FSociety framework ?

Introduction Today I’d like to share a quick analysis initiated during a threat hunting process. The first observable was found during hunting process over OSINT sources, the entire infrastructure was still up and running during the analyses as well as malicious payload were downloadable. Analysis My first observable was a zipped text file compressing a […]

Read more "Is Hagga Threat Actor (ab)using FSociety framework ?"

Windows System Calls For Hunters

Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad. For example the system call “encrypt” could be used by a privacy oriented software to encrypt content before shipping-it to a cloud storage or it could […]

Read more "Windows System Calls For Hunters"

From a Phishing Page to a Possible Threat Actor

Disclaimer This blog post, as all the blog posts in my web-corner, want to share cybersecurity related researches and personal experiences in order to improve threats analysis, risks and cybersecurity awareness. In this specific cases junior cybersecurity analysts could improve their skills for free by understanding how to build threat intelligence and how to track […]

Read more "From a Phishing Page to a Possible Threat Actor"

DiskKill/HermeticWiper and NotPetya (Dis)similarities

Many security researchers, professional cybersecurity analysts and cybsec organizations realized great analyses on DiskKill (HermeticWiper), some of my favorite are HERE, HERE and HERE. Today what I’d like to do, is to focus on specific HermeticWiper characteristics and looking for similarities (or differences) to another similar (and well known) cyber attack happened in Ukraine few […]

Read more "DiskKill/HermeticWiper and NotPetya (Dis)similarities"