__mat__

@matthieu_faou

Malware researcher at . Opinions are my own.

Joined: March 2016

Tweets

  1. Pinned tweet
    7 May 2019

    New Research: We analyzed , a malware targeting Microsoft Exchange servers
    - Abuses the Transport Agent feature
    - Can read/modify/block any email
    - Backdoor controlled by email attachments
    Full WP:
    Blogpost:

  2. Retweeted
    31 Jan

    Campaign IDs and C&C URLs from the samples found at 2 universities contain the universities names indicating a targeted attack. At least 5 Hong Kong universities may have been compromised. 3/3

  3. Retweeted
    31 Jan
  4. Retweeted
    14 Jan

    However, considering the possible targets that the domains spoof and given the aforementioned non-definitive consistencies, we assess with moderate confidence that the domains probably are associated with APT28 operations.

  5. Retweeted
    14 Jan

    Ultimately, none of these characteristics are definitively indicative of APT28 activity and we don't have any specific information on how the domains have been operationalized.

  6. Retweeted
    14 Jan

    So just to be explicit about our research , we initially came across the cubenergy-my-sharepoint[.]com by exploiting some consistencies that we've seen in previous Fancy Bear infrastructure.

  7. Retweeted
    13 Jan

    A must if you are wondering what a reverse engineering internship at ESET looks like!

  8. Retweeted
    10 Jan

    MontréHack's first of the year is happening next Wednesday on the 15th! See the details on . Registration:

  9. Retweeted
    27 Dec 2019

    REcon 2019 "The (Long) Journey To A Multi-Architecture Disassembler" video is out:

  10. Retweeted
    27 Dec 2019

    The // infection checker. Possibly from MD5: 86c9e95dcf69f6eca2a176407dcb99ff RahaSecIOC-x86.exe

  11. Retweeted
    22 Dec 2019

    Yikes! A top iOS app in 's App Store, was a government spy tool!? 🍎📲🕵️‍♂️😱 "...used by the govt. of the United Arab Emirates to try to track every conversation, movement ...of those who install it on their phones" - Our technical analysis:

  12. Retweeted
    15 Dec 2019

    Iran is one of the APT27 targets, like other countries in the region, that’s true. Anyway, don’t draw any hasty conclusion as their backdoors such as HyperBro are vulnerable to 4th party collection. Can be interesting to have more IOCs from the IR CERT.

  13. Retweeted
    15 Dec 2019

    The dev of the TinyNuke Banker and Varenyky spambot has been arrested

  14. Retweeted
    2 Dec 2019

    Thanks to and other fine folks from ESET, works in IDA 7.4 and Python 3!

  15. Retweeted
    22 Nov 2019

    My CDS presentation with Anders on Exchange transport agents is online. We cover 3 malicious samples, ideas for detection, and some (fun) ideas we had when developing our own sample to stay under the radar. Check it out here, along with other talks:

  16. Retweeted
    26 Nov 2019
    Replying to

    Mapping all the related components and confirming what was clean/adware/malware took us quite a long time too. Some components were so prevalent that we went way past typical analysis to determine maliciousness beyond the shadow of a doubt.

  17. Retweeted
    26 Nov 2019

    If you haven’t read the original Stantinko paper then you should. This malware family stands out to me for its subtle yet extensive modularity and subversive techniques. In 2017 this family had few if any detections by any security vendor.

  18. Retweeted
    26 Nov 2019

    After years of relying on click fraud, ad injection, social network fraud and credential stealing, botnet has started to mine . Today, dives deeper into Stantinko's new business model.

  19. Retweeted
    25 Nov 2019

    An exciting project, I hope it will simplify writing decompiler plugins. We at Hex-Rays probably care too much about all minute details while you guys want a more general view of things. FIDL is a promising bridge.

  20. Retweeted
    21 Nov 2019

    Investigating a in Central Europe and the Middle East, discovered a highly unusual downloader. Apart from other nontraditional techniques, the also poses as a default print monitor.

  21. Retweeted

    I don’t endorse the vocabulary in this tweet but I’d like to share our side of things and perhaps set the record straight. We never really wanted to (and still don’t want to) discredit Dragos publicly, there is really no point. 1/x

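As an added example (my own code, not ESET's and not anything from the pinned tweet or the CDS talk in item 15), here is a triage check for the transport-agent abuse those two tweets describe: it lists every transport agent registered on an Exchange server and flags the ones whose assembly sits outside the Exchange install tree, is missing from disk, is unsigned, or is signed by someone other than Microsoft. It assumes the Exchange Management Shell is loaded on the server (so Get-TransportAgent is available), that Exchange setup has populated $env:ExchangeInstallPath, and that each agent object exposes AssemblyPath and TransportAgentFactory; the function name, the heuristics and the output shape are mine.

```powershell
# Added example: triage Exchange transport agents for signs of abuse.
# Run from the Exchange Management Shell on each Mailbox / Edge Transport server.
# Heuristics are assumptions, not a verdict: legitimate third-party agents
# (anti-spam, archiving) will also be listed and must be vetted by hand.

function Get-SuspiciousTransportAgent {
    param(
        # Root of the Exchange installation. ExchangeInstallPath is set by Exchange setup;
        # pass the path explicitly if the variable is absent in your session.
        [string]$ExchangeRoot = $env:ExchangeInstallPath
    )

    foreach ($agent in Get-TransportAgent) {
        $path    = $agent.AssemblyPath
        $reasons = @()

        # Built-in agents are loaded from the Exchange install tree. A DLL that lives
        # anywhere else (a temp folder, a user profile, a share) is the first thing to check.
        if ($ExchangeRoot -and -not $path.StartsWith($ExchangeRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "assembly outside Exchange install path ($ExchangeRoot)"
        }

        if (Test-Path -LiteralPath $path) {
            # Microsoft's own agents carry a valid Authenticode signature.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status: $($sig.Status)"
            }
            elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
                $reasons += "signed by non-Microsoft publisher: $($sig.SignerCertificate.Subject)"
            }
        }
        else {
            # A registered agent whose DLL is gone still deserves a look: the registration
            # survives in the transport config even after the file was cleaned up.
            $reasons += "assembly file not found on disk"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Identity     = $agent.Identity
                Enabled      = $agent.Enabled
                Priority     = $agent.Priority
                Factory      = $agent.TransportAgentFactory
                AssemblyPath = $path
                Reasons      = ($reasons -join '; ')
            }
        }
    }
}

# Usage: print every flagged agent with its reasons.
Get-SuspiciousTransportAgent | Format-List
```

On Exchange 2013 and later, Get-TransportAgent defaults to the Hub Transport service; an agent can also be registered in the FrontEnd, MailboxSubmission and MailboxDelivery pipelines, so repeat the enumeration with the corresponding -TransportService value to cover all of them. Anything flagged should be compared against the agents your organisation actually deployed, then the DLL pulled for analysis before it is disabled with Disable-TransportAgent.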