MartyMcFly Malware: Targeting Naval Industry

MartyMcFly Malware: Targeting Naval Industry

|
Today I'd like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leader in the field of security and defensive military grade Naval ecosystem in Italy. Everything started from a well crafted ... Read More
Sustes Malware: CPU for Monero

Sustes Malware: CPU for Monero

|
Today I'd like to share a simple analysis based on fascinating threat that I like to call Sustes (you will see name genesis in a bit).Everybody knows Monero crypto currency and probably everybody knows that it has built upon privacy, by meaning It's not that simple to figure out Monero ... Read More
Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

| | Attack, Cyber Crime, USA
Today I'd like to share a full path analysis including a KickBack attack which took me to gain full access to an entire Ursniff/Gozi BotNet . In other words: from a simple "Malware Sample" to "Pwn the Attacker Infrastructure".NB: Federal Police has already been alerted on such a topic as ... Read More
Interesting hidden threat since years ?

Interesting hidden threat since years ?

Today I'd like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many obfuscation steps and implementation languages. During the analysis time only really few Antivirus (6 out ... Read More
Attacking Machine Learning Detectors: the state of the art review

Attacking Machine Learning Detectors: the state of the art review

|
Machine learning (ML) is a great approach to detect Malware. It is widely used among technical community and scientific community with two different perspectives: Performance V.S Robustness. The technical community tries to improve ML performances in order to increase the usability on large scale while scientific community is focusing on ... Read More
DMOSK Malware Targeting Italian Companies

DMOSK Malware Targeting Italian Companies

|
Today I'd like to share another interesting analysis made by my colleagues and I. It would be a nice and interesting analysis since it targeted many Italian and European companies. Fortunately the attacker forgot the LOG.TXT freely available on the dropping URL letting us know the IP addresses who clicked ... Read More
MalHide: an interesting Malware sample

MalHide: an interesting Malware sample

|
Today I'd like to share an interesting (at least to me) analysis on a given sample. I have called this sample MalHide but you will see "why" only at the end of my post :D. I believe this is a quite interesting Malware since it firstly implements several obfuscation stages ... Read More
CERTs, CSIRTs and SOCs after 10 years from definitions

CERTs, CSIRTs and SOCs after 10 years from definitions

Nowadays is hard to give strong definitions on what are the differences between Security Operation Centers (SOC), Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) since they are widely used in many organisations accomplishing very closed and similar tasks. Robin Ruefle (2007) on her paper titled ... Read More
Control Flow Integrity: a Javascript Evasion Technique

Control Flow Integrity: a Javascript Evasion Technique

Understanding the real code behind a Malware is a great opportunity for Malware analysts, it would increase the chances to understand what the sample really does. Unfortunately it is not always possible figuring out the "real code", sometimes the Malware analyst needs to use tools like disassemblers or debuggers in ... Read More
Huge Botnet Attacking Italian Companies

Huge Botnet Attacking Italian Companies

On January 18 a colleague of mine (Luca) called me telling a malicious email was targeting Italian companies. This is the beginning of our new analysis adventure that Luca and I run together.The email pretended to be sent by "Ministero dell' Economia e delle Finanze" the Italian Department of Treasury ... Read More
Loading...