Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
https://youtube.com/@screeck?si=zDeQUon6Ye4Rvja2
I found a lot of URLs, but they don't give answers to the idea in my mind: what if some AI writes a polymorphic virus? I think it will bypass all XDR, DLP and UBA.
Hi everyone, who can tell me about, or give some URLs on, the evolution of polymorphic viruses written in asm, and are there actually any today?
It is not in the scope of this group's topic.
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: GY GUNNA
User ID: 7941318375
Reason: illegal activity
Who's active now fresh 🏦 open ups available check my bio
What is this "new C2"?
Cobalt Strike? It's very common
If you have the sample, then can you upload it to malshare and share it here?
Plenty in our country, to manage floods,
but it seems nothing related to malware research.
May I ask you to download this sample from VT?
https://www.virustotal.com/gui/file/1eeb7e057e736b0dc9eb4490a7462a6399b0cf734aaf5eb089924bdce11218b0/details
Thanks
Because according to the doc:
In the Windows registry, the key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804 contains several values that define the properties of a specific keyboard layout. Among these values:
Layout File: Specifies the name of the DLL file associated with this keyboard layout.
Layout Text: Provides a human-readable name for the keyboard layout.
Or maybe something as simple as WSL... I think many EDRs have problems with this, because they can't see anything in there...
Or bring your own VM... another bring-your-own-VM.
Yeah. When it was initially implemented by Chrome, I think I saw chatter about it.
It's also where the confusion between device-bound session credentials and app-bound encryption came about.
Hi, I'm getting many binaries wiped when I execute them, even though gochecker marks them as undetected.
I can't install GNS3 on my Linux; it is giving me various errors... how can I solve this?
How can I close a Telegram channel or group, whatever it is?
Reported GY GUNNA [7941318375] to admins.
LOL. I found the article again, and it's 3 years old.
Have you heard about this new C2 already? It's the next thing.
Sure, here it is:
https://malshare.com/sample.php?action=detail&hash=1eeb7e057e736b0dc9eb4490a7462a6399b0cf734aaf5eb089924bdce11218b0
Has anyone done an analysis of the Slapstick PAM backdoor malware? I just ran it and there is a message or segfault error like in the image below.
I'm glad to see your insight
Thank you
MD5: f2142b171e5df2f58742bf61c0f878c6
If it's not urgent, or if no one else has shared it, I will upload it here around 10am (GMT+8) tomorrow.
Hello @Enhance2, welcome to the Malware Research group! Please read the pinned message before you post!
Hi! I found this C:\Windows\System32\TX.dll
https://www.virustotal.com/gui/file/657f90984537b3162d2756f3d97ed5d128672ce81ee10f257b04d3d4a3440748/
And the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text is set to TX.dll.
Do you know under which circumstances you can trigger the execution of this dll?
https://charlie.fish/posts/2023/10/creating-dark-web-tor-onion-service-website/
I think this should give some ideas for detection
I'm just curious how it would port over to Windows... since most infostealers are Windows malware 😬
you might see BYOS - Bring Your Own Servers 🫣