Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
Hello dear friends, can anyone please help me to download this sample?
37214b37345bfbeeacf7b83ecb4e1ce0044acc2066d14e7ef9a87fd56a3b5975
Hello @ShadowWraith0, welcome to the Malware Research group! Please read the pinned message before you post!
If not, you can join this channel, /channel/RSTReportHub, and look for ransomware reports and try analyzing them
You can start with using something like this http://www.dcs.fmph.uniba.sk/zri/6.prednaska/tools/PEiD/plugins/kanal.htm ? Maybe? Try to figure out some key common artefacts in ransomware samples like anti-analysis, shadow copy deletion, and all of that; try to read writeups related to technical analysis of ransomware samples
I have knowledge in reverse engineering but want to study ransomware reverse engineering.
Are there any courses specific to this?
I have read the pinned message, but didn’t find any resources attached
In fact many "legal" malware development companies such as REMCOS (I think) sell it as "surveillance" software
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Khandare Bhushan
User ID: 6155433766
Reason: no skids
I cannot find the paper, but I'm 100% sure I've read that someone did it for a scientific article -- this doesn't imply it's legal, it means that it's "tolerated in science"
I was sincerely hoping for something plug-n-play!
Wow thanks, you're a database :)
As a reference:
PowerShell is opensource => Make your own instrumented fork
Another one that I can think of is due to the PS-Transcript bug, but his code hasn't been updated. Searching for this bug should lead you to something similar created for debugging purposes, likely useful for reversing PS malware
https://github.com/PowerShell/PowerShell/issues/10994
I tried, and in fact this is not what I was looking for... but it's likely that someone wrote a ps1 wrapper using this PSDebug to dump all the intermediate values
Reference: https://darkatlas.io/blog/ghostlocker-raas-v2-0
Hello ., welcome to the Malware Research group! Please read the pinned message before you post!
Hello 2, welcome to the Malware Research group! Please read the pinned message before you post!
https://www.fortinet.com/blog/threat-research/analysis-of-net-thanos-ransomware-supporting-safeboot-with-networking-mode you can start with this @MendelG lmk if you need the sample
Nvm, I missed the "reverse engineering", sorry bud, I am kinda single braincell here
User 0x00 has 1/3 warnings; be careful!
Reason:
English only
Well, in many places it is illegal to sell malware so...
Paying criminals might not be legal, depending on your country
yes, it is legal as long as you don't use it for malicious purposes, obviously
Would it be legal to buy malware in order to analyse it?
I don't think it will ever be fixed, but in doubt I think the PS fork is a great solution!
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Stake Mines Milllionaire
User ID: 6938205406
Reason: get lost
Might be from the IR group?
/channel/IncidentResponse/27706
I don't believe his codes are open source though