A .CSV file could be a malware carrier and if interpreted by Microsoft Excel it could become a malware executor ! When I personally saw this technique back in 2017 (please take a look to here, here and here ) I was fascinated. A simple and sweet textual file forcing the behaviour of powerful and […]Read more "Spreading CSV Malware over Google Sheets"
On January 19th we downloaded Collectoin #1 to make statistics on its content (you might find more information here). During these days we finished the two main activities to be able to answer some more questions about it data: (i) ELK import and (ii) building of simple views to visualise desired informations. The following image shows […]Read more "“Collection #I” Data Breach Analysis – Part 2"
Few weeks ago I wrote about “How Data Breaches Happen“, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. One of the most famous data breach in the past few years is happening in these days. I am not saying that the two events are linked, but I have fun […]Read more "“Collection #I” Data Breach Analysis – Part 1"
Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both: dataproducer and dataconsumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer […]Read more "How to data breaches happen"
Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leader in the field of security and defensive military grade Naval ecosystem in Italy. Everything started from a well crafted email targeting the right office […]Read more "MartyMcFly Malware: Targeting Naval Industry"
Today I’d like to share a simple analysis based on fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero crypto currency and probably everybody knows that it has built upon privacy, by meaning It’s not that simple to figure out Monero wallet balance. Sustes (mr.sh) is […]Read more "Sustes Malware: CPU for Monero"
Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many obfuscation steps and implementation languages. During the analysis time only really few Antivirus (6 out of 60) were able to […]Read more "Interesting hidden threat since years ?"
Machine learning (ML) is a great approach to detect Malware. It is widely used among technical community and scientific community with two different perspectives: Performance V.S Robustness. The technical community tries to improve ML performances in order to increase the usability on large scale while scientific community is focusing on robustness by meaning how easy […]Read more "Attacking Machine Learning Detectors: the state of the art review"
Today I’d like to share another interesting analysis made by my colleagues and I. It would be a nice and interesting analysis since it targeted many Italian and European companies. Fortunately the attacker forgot the LOG.TXT freely available on the dropping URL letting us know the IP addresses who clicked on the first stage analysed […]Read more "DMOSK Malware Targeting Italian Companies"
Today I’d like to share an interesting (at least to me) analysis on a given sample. I have called this sample MalHide but you will see “why” only at the end of my post :D. I believe this is a quite interesting Malware since it firstly implements several obfuscation stages by using different obfuscation techniques […]Read more "MalHide: an interesting Malware sample"