Rezultati pretraživanja
  1. 15. kol 2019.

    Latest maldocs have 0 detections on VT. Doc hashes: . Still drops . reaches out to 185[.]180[.]199[.]102 for the 2nd stage.

    25 proslijeđenih tweetova 44 korisnika označavaju da im se sviđa
  2. 1. lip 2018.

    Sometimes a simple dropper becomes more powerful than the others. Here is our analysis of dropping since 2016 (currently and ).

    1 reply 24 proslijeđena tweeta 39 korisnika označava da im se sviđa
  3. 11. ruj 2019.

    I've updated deobfuscate_ostap.py (v0.0.5) to support UTF-16 samples.

    2 proslijeđena tweeta 4 korisnika označavaju da im se sviđa
  4. 23. sij

    Security researcher Oliver Hough () has recently created a tool to automate the Ostap process.

    20 proslijeđenih tweetova 20 korisnika označava da im se sviđa
  5. 3. ruj 2019.

    Here’s my write-up on deobfuscating , a commodity JScript downloader that operators started using in early August. As part of the research, I’ve released a Python script (deobfuscate_ostap.py) to automate its deobfuscation.

    This threat blog from breaks down , the latest downloader, explaining how it evades detection - read more here
    1 reply 5 proslijeđenih tweetova 6 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  6. 27. sij

    2020-01-27 New - maldoc.🧐 p://185.]159.]82.]182/gox/go.php?zs=h21&ed=<9randomdigits> No VT submission - No AnyRun activities> @hexraptor

    12 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
  7. 23. sij

    Looked at for the first time today...

    3 korisnika označavaju da im se sviđa
  8. 3. tra 2017.

    Road trip fun... 🎤

    1 proslijeđeni tweet 3 korisnika označavaju da im se sviđa
  9. 30. srp 2019.

    Ostap is delivered also as a Control Panel module the wscript.exe remain running for further payloads deploymt, with sysmon one can try event 1 (ProcCreate) not followed by 5 (ProcTerminate) within say 1min for wscript|cscript|mshta|wmic etc.

    1 reply 3 proslijeđena tweeta 18 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  10. 3. velj

    What kind of malware is dropped by this in Czech?🤔 Is this downloader? Subject: Připomenutí o splacení dluhu FileName: F-44011156.doc

    1 proslijeđeni tweet 9 korisnika označava da im se sviđa
  11. 3. velj

    more no trigger in sandbox 23/56 on VT - not bad, but Kaspersky and Microsoft failing to flag it (at time of tweet)

    1 reply 2 korisnika označavaju da im se sviđa
  12. 30. sij

    Some fresh looking if you want to play with deobfuscating it then you should be able to adjust the regex in my (quick and dirty) tool it's not a a very challenging obfuscation at all, great exercise for beginners

    1 reply 2 proslijeđena tweeta 4 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  13. 27. sij

    Thanks ! Now you can use to detect this new trick used by recent downloaders!

    olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to
    4 proslijeđena tweeta 12 korisnika označava da im se sviđa
  14. 24. sij

    spam email italy 24_01_2019 example Samples

    9 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  15. 24. sij

    👾 by http://185.159.82.182/go/go.php?zs=h20&ed=<9randomdigits>rnx=<7randomdigits>

    1 reply 29 proslijeđenih tweetova 35 korisnika označava da im se sviđa
  16. 23. sij

    2020-01-23 👾 - maldoc. 🧐 p://185.]159.]82.]194/5pIuWL/dWva9v.php?a=h23&b=<9randomdigits> No activities on AnyRun > Low AV detection rate on VT > 6/59 @hexraptor

    8 proslijeđenih tweetova 15 korisnika označava da im se sviđa
  17. 23. sij

    Details on deobfuscating the latest round of > campaigns.

    “You Got Malware” another great piece by on the Cyjax blog.
    1 reply 5 proslijeđenih tweetova 17 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  18. 20. sij
    Odgovor korisnicima

    Link drop: http://185.227.68[.]135/5DqNB2/yf2AI.php?xc=k17&uk=561530280&co=5851493 and per people smarter than I, dropping

    2 proslijeđena tweeta 9 korisnika označava da im se sviđa
  19. 26. pro 2019.

    "FatturaN.NNNNNN.doc" delivering 🇮🇹 VT:ab87c1f58ef83b5585f4773910fe7ff2 @425A_

    6 proslijeđenih tweetova 8 korisnika označava da im se sviđa
  20. 23. pro 2019.

    JavaScript downloader still used to deliver samples

    "fax" subjects run with efax_document<digits>.doc files, drops exe from: 185.216.35[.]21/shell3/uz1wI.php hash b2dc507828839a7be9480788f3070f22 on
    2 proslijeđena tweeta 13 korisnika označava da im se sviđa

Nema rezultata.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.