Cyber Threats Observatory Gets Improvements

Today I am so happy to announce a big improvement in the threats observatory (available for here). The main improvement sees the introduction of clustering stereotypes for each tracked malware family in three different behaviors: Domains, Files and Processes. Every malware does specific actions on domains, files and processes realms by meaning that every sample […]

Read more "Cyber Threats Observatory Gets Improvements"

Working From Home: Building Your Own Setup

This is the fifth week my company (Yoroi) and I are working from home (covid-19). While every company process is running smooth and fast, personal quarantine is getting quite long and heavy especially if you are accustom to travel a lot for working purposes. Under these circumstances home office setup becomes very important as you […]

Read more "Working From Home: Building Your Own Setup"

Cyber Threat Trends Dashboard

Introduction Information sharing is one of the most important activity that cybersecurity researchers do on daily basis. Thanks to “infosharing” activities it is possible to block or, in specific cases, to prevent cyber attacks. Most of the infosharing activities involved in cybersecurity are mostly focused on Indicator of Compromise such as: URL, IPs, Domains and […]

Read more "Cyber Threat Trends Dashboard"

Frequent VBA Macros used in Office Malware

Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft Powerpoint as Malware Dropper, MalHIDE, Info Stealing: a New Operation in the Wild, Advanced All in Memory CryptoWorm, etc. […]

Read more "Frequent VBA Macros used in Office Malware"

Writing Your First Bootloader for Better Analyses

From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your disk and eventually asking for a ransom before restoring original disk-configurations (Petya was just one of the most infamous boot-ransomware). But this is […]

Read more "Writing Your First Bootloader for Better Analyses"

Similarities and differences between MuddyWater and APT34

Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. From here the idea to compare the leaked source code of two different state sponsored […]

Read more "Similarities and differences between MuddyWater and APT34"