Today I’d like to share an interesting and heavily obfuscated Malware which made me thinking about the meaning of “Targeting Attack”. Nowadays a Targeted Attack is mostly used to address state assets or business areas. For example a targeted attack might address Naval industry (MartyMcFly example is definitely a great example) or USA companies (Botnet […]Read more "From Targeted Attack to Untargeted Attack"
Today I want to share a quick analysis on a new leaked APT34 Tool in order to track similarities between APT34 public available toolsets. This time is the APT34 Jason – Exchange Mail BF project to be leaked by Lab Dookhtegan on June 3 2019. Context According to FireEye, APT 34 has been active since […]Read more "APT34: Jason project"
On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). One of the first difficulties I met was on finding a classified testing set in order to run new algorithms and to test specified features. So, I came up with this blog post and this GitHub […]Read more "Malware Training Sets: FollowUP"
The APT34 Glimpse project is maybe the most complete APT34 project known so far. Indeed we might observe a File based command and control (quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. This last feature is the most appreciated characteristics attributed to APT34. But let’s move […]Read more "APT34: Glimpse project"
Today I’d like to share a quick analysis on the webmask project standing behind the DNS attacks implemented by APT34. Thanks to the leaked source code is now possible to check APT34 implementations and techniques. Context: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the […]Read more "APT34: webmask project"