Some stealers in marketplaces also have hashes (public in research articles); when combined with other exes, I think when we extract the compressed files in it we find the exact stealer inside.
Guys, I am dealing with a bunch of stealer files named "node.exe". I guess it's a Node.js file; also some of them are Electron apps. Is there any means to deal with it?
One of them I just found is using *asar*, which can be used to extract the actual code.
Hi, any recommendations for an EDR with a friendly trial or free seats for learning?
Parmanu [1113907741] is currently banned in Libra's Empire.
Reason: cracks
Date of ban: 25/02/2023
FedAdmin: ❤🦦
The following federations have caused Parmanu to be banned in chats:
- b578caf1-07e7-4e92-9226-f69346180d99: Libra's Empire
If you would like to know more about the fedban reason in a specific federation, use /fbanstat <UserID> <FedID>.
User info:
ID: 1113907741
First Name: Parmanu
Username: @parmanoo
Status: banned
This user has been fbanned in the current fed, Libra's Empire.
Reason: cracks
User Parmanu is banned in the current federation (Libra's Empire), and so has been removed.
Reason: cracks
Hello Sagor, welcome to the Malware Research group! Please read the pinned message before you post!
Hello @MEERFARAZ787, welcome to the Malware Research group! Please read the pinned message before you post!
Maybe, if this is feasible, we can keep track of the campaign before they are used ITW.
On GitHub there are 2:
https://github.com/ComodoSecurity/openedr
https://github.com/0xrawsec/whids
I use whids at home, but be careful how you configure it. I think I have a setting that backs up my VM, and it ate up all my storage space because of some detections, and I had to hunt that down.
Hello Unkle, welcome to the Malware Research group! Please read the pinned message before you post!
Hello @Lorddevilhunter, welcome to the Malware Research group! Please read the pinned message before you post!
Hello Roshan, welcome to the Malware Research group! Please read the pinned message before you post!
Hello @apostol0s, welcome to the Malware Research group! Please read the pinned message before you post!
There are many opinions I have seen; let me share my experience.
You may install the EDR agent on an endpoint and perform attacks using Atomic Red Team https://atomicredteam.io/
In our office, when we took a trial of Huntress, I tested it in a VM. Also, Caldera, SpiderMonkey etc. adversary emulation you may use. Which is actually purple teaming, to understand the capability of a defender product like an EDR.
And the bitter truth: no EDR is the BEST of the BEST. They have shortcomings; they try to improve to beat the hackers. Thanks.
Recently I have been monitoring a simple yet very busy stealer abusing GitHub as the downloader for its second stage.
Folks, do let me know if I am wrong, but do we have any tool which can help us search for certain code fragments on GitHub on a daily basis? Like, let's say I want to search for "H-e-l-l-o,W_o_r_l_d" content over all GitHub code repositories daily, and once any new repo contains this content, we get a hit or a notification.