Ari Eitan

#Phobos #Ransomware https://id-ransomware.malwarehunterteam.com/identify.php?case=365f8abce24c3b53cd1b6f01fd8cf74e3d59d5b3 … Source link thanks to @zbetcheckin https://urlhaus.abuse.ch/url/308137/  Analyses https://analyze.intezer.com/#/analyses/5e8ecda7-1bc8-4f44-825f-0799f1fd54c5/sub/f894f4ea-3e49-447f-a467-b9362ae6537a … @IntezerLabs @arieitan @demonslay335 @malwrhunterteam @JayTHL @VK_Intel @James_inthe_box @guelfoweb @VirITeXplorer @Certego_IRT @reecdeeppic.twitter.com/mneJl3b1eD

New #Android #Banker variant discovered by @JAMESWT_MHT with 0 detections in VT. Shares ~95% code with another malicious Dex file 66c053b62231ef5a129d4f07d05d958ed8a998d056a67077d6328ed1c1a99cac https://analyze.intezer.com/#/analyses/1cbf67a3-eacb-4f97-8240-cee8396a38e2/sub/c62995b4-f9e3-4758-8315-77b6b4d318dc …pic.twitter.com/VYPLwPid1m

NEW: Iranian hackers (APT34) target US government workers in new campaign https://www.zdnet.com/article/iranian-hackers-target-us-government-workers-in-new-campaign/ …pic.twitter.com/l4HzhFMOgP

New writeup by me and @kajilot of a new Iranian campaign we discovered! https://intezer.com/blog-new-iranian-campaign-tailored-to-us-companies-uses-updated-toolset/ … Special thanks to @ulexec for assisting as well!pic.twitter.com/Ttg2UOGUps

TA505 seems to be targeting German-speaking countries: "Rechnung" HTML -> XLS -> Get2 Downloader -> ? (was offline, perhaps SDBbot) Example run: https://app.any.run/tasks/6c345f4a-5da9-4e09-87eb-9aae63d241fc/ …pic.twitter.com/Qa19bOX33j

We found this Chinese PE malware's ELF version using our #Golang Cross-Architecture-Platform (WIN32 -> ELF64) code connection engine. Steals screenshots and waits for further commands from C2. Decodes VBS during runtime https://analyze.intezer.com/#/analyses/32b558de-c1cc-4f40-a8f4-5ec505730a64 … https://analyze.intezer.com/#/analyses/73e0c969-66dd-4996-9471-2eb277104479 …pic.twitter.com/luxYeXzbQO

We wanted to thank VT user @r3dbU7z for reaching us to share related files to our latest ChinaZ blog. Among the contents of two zip files he sent us we identified every CNC binary of each of the different implants we documented, along with a PHP based DDoS clientpic.twitter.com/hz7YjtyOet

#APT37 (aka Group 123 / StarCruft / Reaper) component mentioned in recent @kaspersky's report shares unique code and strings with the #FInal1stspy malware uncovered by @PaloAltoNtwks https://analyze.intezer.com/#/files/945a2cfcfe70d277848d559702247ab1e331ce8f1a5d735334e1ed351c9b4c99 …pic.twitter.com/WsFWfawusp

Our Research Team has recently found newer undetected variants of #Rekoobe, a #Linux Trojan initially discovered in 2015 with a complex authentication mechanism. Read the technical analysis by @ulexec https://hubs.ly/H0mF7T50 pic.twitter.com/jNK06sVWyv

YARA rules for detecting Iranian wipers (Shamoon, ZeroCleare and Dustman) https://github.com/intezer/yara-rules/blob/master/Iranian_Wipers.yar …pic.twitter.com/4NBjiLFYSd

Iranian Wipers #ZeroCleare and #Dustman share code with #Shamoon samples from 2012. We're releasing a YARA rule (both for x86 and x64 implants) based on the shared binary code of those families - https://github.com/intezer/yara-rules/blob/master/Iranian_Wipers.yar … https://analyze.intezer.com/#/analyses/433de682-961b-4bb4-82d7-ae5754aca6a7 …pic.twitter.com/AxxcvlNw17