Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
That doesn’t really add smth to your question..
It’s typically wise to ask questions directly, as ML, for example, is not a small field. So more context gives ppl an idea of whether they can help you
If you do not provide internet to your sandbox, you will miss out on the next non-local stages of the malware you are executing. You do have the advantage that the actor does not know you executed the code. With internet you have the inverse: you can get next stages which aren't local, while the actor might see the activity and draw conclusions from it.
If you are running publicly known samples which aren't targeting your (organisation) specifically, it's usually not a problem, as you are one of many. If it is a targeted sample, executing it in a sandbox is an indication that the malware was blocked and/or analysed, which means the attack failed. This provides the attacker with information, which you might not want.
There is no right or wrong, it's mainly based on your (organisation's) preferences and threat model
Hello guys, I’m building a malware lab. I have a question regarding the addition of CAPE. Does it make sense for CAPE to have a connection to the internet, or is it not needed? Maybe it can perform the job without internet?
For the development of an EDR, I wanted to identify any anomalous behavior on the privacy part of Windows. I was looking for malware to reverse or documentation regarding the audio icon part on Windows 11. On Windows 10 I can tell if there is an active audio session and there is no icon. But on Windows 11, no. I can't figure out how it is displayed. Can anyone recommend me some documentation?
Are there any recent and legit Nighthawk samples?
(They do a good job thwarting analysts by being sponsors of vxu and by posting fake samples)
Just curious, why do you choose LI as a platform to write on?
It's good to go for detecting crypto routines, calling conventions, some basic stuff; apart from that it hallucinates
Has anyone here used LLM models in reversing a binary sample? I have come across a couple of plugins that allow you to use an LLM while reversing. I would love to know your experience.
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Cute Boomy
User ID: 6851917847
Reason: no paid jobs
🚨 Florida Department of Health Is Hacked. Over 20000 victims' data on HIV, corona-21, hepatitis released on the Darkweb by Ransomhub. 🚨
Thousands of files, including doctor’s notes, vaccination and virus test records, and HIV test results for Floridians, were made public on the dark web last week. It occurred following the takeover of state health department files by hackers.
Sensitive data, including test results and COVID-19 diagnoses, was exposed in over 20,000 files that were uploaded. The complete names, dates of birth, addresses, Social Security numbers, and insurance details of several patients from 2023 and 2024 are included in the documents.
https://hackingblogs.com/florida-department-of-health-hacked/
Hi everyone, sorry for bothering you all. There seems to be a new stealer named Celestial Stealer that started out on June 1; I have three samples uploaded to VirusTotal by the actor, with a pretty big file size because of Node compilation. The samples are not anywhere yet. Since there is very little detection because of the file size or maybe anti-rev checks (I cannot verify this yet because I do not have the samples), VT cannot provide any C2s. Extraction is made by Telegram and Discord webhook, I assume. Is it possible for you to give me any of the following samples?
https://www.virustotal.com/gui/file/175b6297970a0e881a4f57a937f0fe9bf528e21cb630cf30ff7c4e46de174b9a/community
https://www.virustotal.com/gui/file/7bc42ac0e3d81987ba90113d9b577a4aeaa7dad77f82b3fcb5522b707f4c8a54/community
https://www.virustotal.com/gui/file/2b5098eda716be0a7cedf56acb2ccd19b977301ac6a9677d182c997eb1787ffe/community
User Todays Cyber News has 1/3 warnings; be careful!
Reason:
don't spam across the groups
Hello Amey, welcome to the Malware Research group! Please read the pinned message before you post!
It's simply who has skills in machine learning; yes, I can develop machine learning with this type xxx
Do you have any Pegasus spyware tutorials regarding how to download it and use it?
Also, if you give it an internet connection, separate it from your local network and route it via the Tor network (but that will break things, as it will only accept DNS queries and just TCP connections) or some commercial VPN (like NordVPN or any other). Also a good way is to use an LTE modem as a dirty internet gateway; you will look less suspicious to the malware owner/operator.
All that effort is for your privacy and security - that malware can start sending spam, DDoSing someone, etc. Don't let it use your main internet connection and don't let it connect to other devices in your local network
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: ChrisXchange
User ID: 652696127
Reason: no skids
Hi guys pls anyone got a recommendation for a lip sync tool to make use of to change the original words from a video?
User Bar has 2/3 warnings; be careful!
Reason:
please direct link content. Adding social media links is perfectly fine. You were told this multiple times
https://www.linkedin.com/posts/bar-magnezi-ab0987217_malware-analysis-rhadamanthys-activity-7218239526782042113-LsFF?utm_source=share&utm_medium=member_ios
I welcome you to read my new post about rhadamanthys malware 😎
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Todays Cyber News
User ID: 5093082027
Reason: no spam
Hi, you can access them publicly. Also, 2 of them are built with NSIS; the samples are not running in the other sandboxes because of the V8 compilation and actual suspended domain errors. Samples are packaged with Squirrel installer and are very old. It is under the attention of our team and we are examining the live samples these days. ++ on Discord you're right
domains:
admin[.]celestial-stealer[.]dev
capguru-solver[.]com
shared-celestial[.]com - new
love-odyssey[.]com - new
C2:
92[.]246[.]138[.]20:1515/new-wallets - new
92[.]246[.]138[.]20:1515/injection - new
92[.]246[.]138[.]20:3434 /injection
92[.]246[.]138[.]20:3434
/tokens
/cookiesandpasswords
/extensionsandwallets
Samples:
https://app.threat.zone/submission/297e362d-205a-4590-8e77-5d4add132264/dynamic-scan-report
https://app.threat.zone/submission/704034c5-8c4b-4eac-95d2-ec319dc1636e/dynamic-scan-report
https://app.threat.zone/submission/7707e24a-e8d4-4211-afd5-1c0b36c2d62d/dynamic-scan-report
Additionally still there is an active sample in the wild:
https://love-odyssey[.]com/LO-Installer64x.zip
Remind me in 8h, I will be on shift and can send them to you
Hello Çağrı, welcome to the Malware Research group! Please read the pinned message before you post!
User 0xLuc|f3r is banned in the current federation (Libra's Empire), and so has been removed.
Reason: no spam
https://hackingblogs.com/fake-ublock-extension-on-chrome/