Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
any.run - I registered using my personal email
Malware Bazaar - I also used my personal Twitter
Greetings fellas, I know I asked this question in the past: which malware sample site allows for samples to be downloaded on a free tier?
For those who got the freq for macOS malware research, check it out:
https://0xf00sec.github.io/0x22
Can you also check mine? I use only my own words and don't care about giving backstory, just straight up writing what it does.
https://basicacc.github.io/malware_analysis/MassLogger/7e3317f91f7d8e570800045ca8ba7e2ff136e0ea3621ed1deca8b7763b45f624.html
This is the latest one I analyzed, a few weeks before, I don't remember honestly. Is this alright or do I need to be more formal?
Did you also use AI to write this too 😭 (just a joke no offence)
I like the concept, but it feels really heavy on the LLM part
Hello Alla, welcome to the Malware Research group! Please read the pinned message before you post!
generic detections work OK
paid Thor (by Nextron Systems) probably can detect more variants of it, but its generic rules should catch it pretty fine
if unsure, generate your own shells and run Thor against your system
From what I see, it's the same as the open source
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Rajesh R
User ID: 1269238954
Reason: no maldev
I've never heard of bypassing malware development courses
Hello everyone, any ideas how to open guidedhacking? It's not open for me.
Guys, I need support in downloading Godzilla webshells plz
5E54E53E70C0E3193BB9C48479F874D01338A1A8
B4B0EC3DD208D9FC27B7F6A6DBBE7B69CA275200
I am completely lost after it mentions "mark of the web"
I don't think it flows very well.
Another example - it installs the legit homebrew. But I'm not seeing where that's being explained, how it happens, what leads to that
I didn't read the entire article since it's too confusing to read
One last thing, one IOC (cfocares) is mentioned to be potentially malicious. So it wasn't analyzed prior to being added as an IOC?
Alright, thank you so much for feedback, will work on it. ❤️
The flow seems clear, and you describe what you do. I think it will be clearer if you focus more on the formatting. Add headers, create paragraphs with a single focus, rather than lengthy ones which cover multiple topics. Nice work!
I think the blog's "soul" is missing because of it. It may contain the details, but it reads as if it is slop, because it's AI slop
Yeah! The wordings were churned through an LLM.
Hey there! I recently wrote a blog on Medium. "Dissecting a macOS Malware Campaign."
https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc
if free Thor doesn't detect it, it shouldn't be that hard to write your rules for detection. you can use their community rules and build on it, and perhaps contribute to it
I really don't know why you insist on it
since it's open source, you can download and play with the tool and generate webshells of your liking
lab example - https://blog.csdn.net/zibery/article/details/124824833
someone experimenting with it - https://www.cnblogs.com/smileleooo/p/18178347
please use Google Translate or whatever translation tools that you like
one more hint - you will note that cnblogs.com webshell contents are identical to VT's version, so it only means one thing...
there are also English writeups on it, though not on how to use it (I don't know why), but given that detection teams are capable of generating detections, that would mean you don't need the specific webshell, but the tool that generates it
and with that, you can come up with all kinds of combos for experimentation and generate the various use cases for detection, threat hunting, threat intelligence, etc
Not able to find with this hash.. I need help with these 2 customized versions only
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Jinja jinja
User ID: 7040505425
Reason: no trading spam
Forgot to share my latest blog for my employer here! It dives into automagic reverse engineering, based on symbol recovery using Ghidra, scripts, LLMs, and knowledge from the community!
Link: https://www.trellix.com/blogs/research/automagic-reverse-engineering/