Tweets

  1. Jan 18

    Epic day - CAPE has reached 1337 followers!! 😎

  2. Retweeted
    Jan 17
  3. Dec 26, 2019

    From grain to glass: maldoc -> unpacked malware payload & 127 C2s in one run: MD5: 93eed51374a6f51f6b83fa343b69c5d3

  4. Dec 4, 2019
  5. Oct 28, 2019

    If multiple epochs are submitted, then there will be multiple keys and again a monster combined c2 list. Here is an example with 7 samples from 3 epochs:

  6. Oct 28, 2019

    batch config extraction as suggested by The result of a batch is a combined config, so if you include only one epoch, it should be a single key and combined c2 list from all samples. For example:

  7. Retweeted
    May 2, 2019

    "Screen-Error-Visible.pif" - signed Remcos RAT sample: C2: infosblogwar.duckdns[.]org:2404 - known one... Thanks to for detection and config extraction.

  8. Apr 25, 2019

    Sadly CAPE may have missed things launched or injected via Heaven's Gate - I began working on a package for it () but never got it finished or working. Maybe I should dust it off...

  9. Apr 25, 2019

    Looks like the module containing Heaven's Gate is downloaded from the C2 - there are calls to HttpSendRequest then InternetReadFile just prior to the allocation of the memory for this DLL.

  10. Apr 25, 2019

    with 64-bit payloads launched via Heaven's Gate in an embedded 32-bit DLL. Payloads can be downloaded from:

  11. Retweeted
    Apr 2, 2019
  12. Jan 31, 2019
  13. Jan 18, 2019
  14. Retweeted
    Jan 16, 2019

    Very impressed with the work from , and for the emotet extraction module. Give it a go at the public instance of CAPE! I now am using this for my work and has been using this for awhile in the automation.

  15. Jan 15, 2019

    configs now with RSA public keys - thanks to for the suggestion and code!

  16. Jan 12, 2019
  17. Jan 7, 2019
  18. Jan 5, 2019

    New RAT payload signature in CAPE. A couple of recent examples:

  19. Dec 5, 2018
  20. Dec 5, 2018
