Has anyone come across The Paradox malware before?
Just wandered around on YouTube, another cheat - ok, dropped in 3(?) stages
obfuscated .bat {Exploit UAC + WD}
7aa4dc47991ed55ce962b00d48f04ac8 (On anyrun)
https://app.any.run/tasks/3905f454-e0f2-4f4c-af7a-2aa33edb145a
C# dropper
f4d0884562f73348674470145b34b735 (On anyrun)
https://app.any.run/tasks/7d82ed21-930e-482c-82dc-d19a0cc431bd
It downloads a C# payload, a stub similar to a rootkit
https://www.virustotal.com/gui/file/35e9fc6d67be2d1c6b980631212a36788eb91b75e7d7ccd2abe34707d52eb735
There is only one working C2 left - https://fdute32sdajfsda.hopto.org/
Looking for several people to earn money together on cryptocurrency!
Minimal time commitment.
Training provided.
Waiting for everyone interested!
Hello Nikhil, welcome to the Malware Research group! Please read the pinned message before you post!
Which LLM model did you use? How did you prompt it?
Did you give the model the source code and ask it to write an AST parser to do xyz?
First off, happy Diwali to everyone and their families!
Second, this is a blog post alert!
This one is about developing tooling to deobfuscate JavaScript malware using Abstract Syntax Trees (ASTs). We will look at:
● Removal of junk comments.
● Removal of junk unused variables.
● Simplifying function bodies.
● Signaturizing ASTs to auto-rename functions.
● Deobfuscating the recently reported MintsLoader malware.
Blog link: https://nikhilh-20.github.io/blog/deob_js_ast/
Disclosure: The tooling code was generated through an LLM. I provided the ideas and directed the model to create the relevant code. Without this assistance, it would have taken me longer to codify the concept, given that I'm not deeply versed in JS.
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Orkhan Jalal
User ID: 5708493409
Reason: spam
MalDev Academy, Zero2Automated. The best way to learn how to analyze malware is to analyze malware - get Ghidra or IDA Pro, a debugger, a sandbox, look at samples and start playing around. Of course, learn WinAPI, C, C++, C#, assembly and more if you haven't yet.
I am currently working as a SOC Analyst with nine months of hands-on experience in monitoring, incident response, and threat detection. I am keen to advance my career by transitioning into a Malware Analyst role and would appreciate any guidance from you guys regarding the necessary skills, certifications, resources, or study paths to prepare myself for the same.
I think it is a good thing to brush up on some fundamentals before going in.
For keeping up with the news and TTPs, I use MITRE ATT&CK as my compass. It is really hard to wrap your head around all of these techniques, especially when you only do RE as a hobby and not during your day-to-day work.
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Binary Breach
User ID: 1868147043
Reason: spam
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: Юрий
User ID: 1990400078
Reason: spam
Hello Mahbubor Rahman, welcome to the Malware Research group! Please read the pinned message before you post!
The free version of ChatGPT. I think it used gpt-4-turbo, I haven't checked.
An example prompt when I was working on removing unused variables:
Even the unused variables are showing in the usedVars variable. I think the problem is that you're adding a variable to usedVars even for the declaration statement. Ignore declaration statements when updating usedVars.
Consider the AST of the following JS code:
var xcssnuyk = thatleft0sovereigntynever;
var thatleft0falklandwith = thatleft0sovereigntynever;
var thatleft0notscottish = thatleft0sovereigntynever;
As it turns out, only the first variable is used later in the code. The other 2 are basically junk code. How would you identify such junk code using the AST?
The AST:
...
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Leviatan_09 😺
User ID: 716622107
Reason: spam
Hello Gabriel, welcome to the Malware Research group! Please read the pinned message before you post!
Curious to hear where you get your latest trends.
I know of Malpedia, M-trends (yearly release) and some blogs like Unit 42, ...
Hey, a question to discuss: how hard is it nowadays to bypass CrowdStrike / SentinelOne EDRs?
Heya :)
If I were to interview someone, my questions would depend on the specific role and the maturity level of the role. My expectation of a senior researcher for a malware analysis role differs compared to a junior CTI analyst. Having said that, I'd ask about projects you've done, preferably ones where there is public information on them to be found. Based on that, I'd assess your skills, and ask you questions about the project, such as:
- Where did you get stuck?
- What was your approach when you were stuck?
- How did you solve the issues, and what did you learn?
- Why did you work on said project (especially if it's something done in spare time)?
- What tools did you use, and why?
Additionally, I'd inquire about expectations (not talking salary, I'm not a manager, but about the day to day tasks you would like to do, and what you expect that needs to be done).
Granted, that is more of a "what did you do" line of questioning, so if I were to ask more specifics, I'd ask about some recent campaigns and what you know about them, and if they remind you of something. E.g. email thread hijacking is done by multiple families (Emotet used to, for instance), so if there is a recent report about that and you mention it, I can see if you can link it back to 'historic' events. This is to see if you are keeping an eye out for trends and recent events, and if you can correlate events, which will be required in such a role.
I'm not a fan of asking "how do you exactly walk the PEB" and other specific technical questions, as I feel the job is not trivia based, and I (too) look up how specific things work when I encounter them if I don't use them all too often. You have internet during your work to look things up, but you either are or aren't interested in infosec news, malware trends, etc. as a person.