CERT Polska 30 Jan 17
Detailed analysis of , one of the most obfuscated .s around
that_malware_guy Oct 19
hosted on IP > 47.52.246.153
CERT Polska 1 Jun 18
Sometimes a simple dropper becomes more powerful than the others. Here is our analysis of dropping since 2016 (currently and ).
Hybrid Analysis 26 May 17
[Attention] Here is (banker trojan) using unused windows KBs as the payload name:
d00rt 23 Apr 18
A simple script for making easier the analysis of using IDA Pro
Brad May 3
2019-05-03 - Quick post: infections with or - Several Word doc examples, two files, and some /artifacts from today's Ursnif infection with Nymaim available at:
Bank Security Apr 5
Marcelo Rivero 5 Apr 17
with 2-for-1 malware delivery: + - Now seems to add a new player to the combo: 3-for-1 + +
Ross Morley 17 Apr 16
Johannes Bader 29 Apr 18
I just published a blog post on a new word-list-based domain generation algorithm of the Nymaim malware: . The algorithm has already been included in the DGArchive . .
Brad Nov 8
2018-11-08 - Three recent infections from pushing (or Gozi/ISFB) - saw as the follow-up malware (saw on 2018-11-05 - Email example, 3 files of infection traffic, and associated at
coldshell Jan 18
I've released on GitHub an old PoC to deobfuscate samples. PoC: (cc: )
Vitali Kremez 18 Jul 18
7-18-2018: 🇵🇱 Hardcoded C2: ['sgjvxwerion[.]com', 'fenrsiofue[.]com'] | Gate Traffic -> Fragment { http_uri; content:"/dbqhh0e/index.php"; } Thanks to for the lead👍 | Stay safe! ☑️IOCs:
\_(ʘ_ʘ)_/ Nov 28
Replying to @Mesiagh
Yep, I saw some of them.. pw:1234
Racco42 @ the beach Feb 17
Malspam "<something> faktura nr NNN/02/SNDEnk/2019 NNN" hxxps://streetfood2you.com/show208.php UA: Windows geolocked to PL?, will probably drop
Cyber Moist Ointment 15 Mar 16
Seeing these "targeted" today. Are these being sent to the company names in the attachment?
VikingSec is Supporting the Hong Kong Revolution 26 Mar 18
Looks like the RE Roulette Wheel landed on , so I’ll be doing a deep dive on a over the coming weeks. That being said, still new to RE, so any and all hints are welcome.
Artsiom Holub 26 Jul 18
James Nov 7
More with passworded docs, this time link -> doc -> http://indicasativas[.]com/eeneidka -> http://68.183.114[.]220/Resume.doc -> http://209.141.60[.]230/516.exe hash 3c965f10097e0dffb7333da2b447361c on
Hybrid Analysis 10 Jul 17
[Attention] Here is a sample from the fresh banking trojan campaign targeting Poland: //