News from the Lab Archive : January 2004 to September 2015
Malware authors certainly do not take a breather when it comes to inventing new tricks for detecting sandbox, a very useful system to automatically analyze millions of samples nowadays. Recently, Seculert unveiled an unprecedented sandbox detection method that was employed by the Dyre/Dyreza malware. We have seen similar anti-sandbox tricks used by the notorious Tinba banking trojan and would like
The CozyDuke APT | Securelist
CozyDuke (aka CozyBear, CozyCar or “Office Monkeys”) is a precise attacker. Kaspersky Lab has observed signs of attacks against government organizations and commercial entities in the US, Germany, South Korea and Uzbekistan. In 2014, targets included the White House and the US Department of State, as believed. The operation presents several interesting aspects extremely sensitive high profile vict
オンライン無料ウイルス・マルウェア動作挙動解析サイト 【サンドボックス】
ブラウザからアップロードしたWindows用実行ファイル(*.exe)をサンドボックス(仮想マシン)上などで実際に起動させて、どのような挙動を行なったか解析結果を提供してくれる無料サービスです。すべて海外の英語サイトです。オンラインスキャン(ファイル単体)と違って、あまり一般の人が利用するものではありませんな。 (^^ Windowsのレジストリの読み書き、ファイルの入出力、ネットワークへの接続などの情報が提供され、ウイルス・マルウェアかどうかの判断材料として使えます。 Anubis [~8MB] by International Secure Systems Lab 実行ファイルのみアップロード可能。ページ上にそのまま解析結果ページのURLアドレスを表示されます。実行ファイルが読み込むDLLの情報、ウイルス対策ソフト「IKARUS」によるウイルススキャン結果、Windowsのレジストリの
Links
The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools". Malw
A Fanny Equation: “I am your father, Stuxnet”
At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack. Perhaps the most interesting zero-day exploit from Stuxnet was the LNK exploit (CVE-2010-2568). This allowed Stuxnet to propagate through USB
The Great Bank Robbery: the Carbanak APT
Download Full Report PDF The story of Carbanak began when a bank from Ukraine asked us to help with a forensic investigation. Money was being mysteriously stolen from ATMs. Our initial thoughts tended towards the Tyupkin malware. However, upon investigating the hard disk of the ATM system we couldn’t find anything except a rather odd VPN configuration (the netmask was set to 172.0.0.0). At this ti
合法マルウェアで実感「リアルとサンドボックスの違い」
※ご注意 本記事に掲載した行為を自身の管理下にないネットワーク、コンピューターに行った場合は、攻撃行為と判断される場合があり、最悪の場合、法的措置を取られる可能性もあります。 また、本記事を利用した行為による問題に関しましては、筆者およびアイティメディア株式会社は一切責任を負いかねます。ご了承ください。 標的型攻撃対策として、各セキュリティベンダーが「サンドボックス」製品をリリースし、注目を集めています。 サンドボックスとは、仮想環境として「攻撃されてもよいホスト」を作成し、その中でマルウェアを動作させて、振る舞いをチェックするものです。実際にマルウェアを動かすので、バイナリを解析するよりも素早く、安全なアプリか悪意あるアプリかを判断できることが特徴です。しかし、当然ながらマルウェア作成者はサンドボックスでの検出を避けようと、対策を打ちます――でも、どうやって? 今回の記事では、筆者が合法
us-14-kruegel-briefings.ppt
Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware! Christopher Kruegel Lastline, Inc. Who am I? • Co-founder and Chief Scientist at Lastline, Inc. – Lastline offers protection against zero-day threats and advanced malware – effort to commercialize our research • Professor in Computer Science at UC Santa Barbara (on leave) – many systems security papers in ac
凯发k8手机-凯发k8网址-凯发k8下载
装修好的房子墙面渗水怎么办 墙面漏水补救方法 装修睦的屋子墙面渗水怎么办?屋子漏水对我们的生活造成许多大的影响,以是出现漏水这个环境我们要立刻办理,制止造成更大粉碎。对于房屋漏水起首要确定责任,要求责任方修.........
Malwr - Coming back soon!
Malwr is coming back soon! Stay tuned for our re-launch and follow updates by signing up to our newsletter:
Free Malware Sample Sources for Researchers
Malware researchers frequently seek malware samples to analyze threat techniques and develop defenses. In addition to downloading samples from known malicious URLs, researchers can obtain malware samples from the following free sources: ANY.RUN: Registration required Contagio Malware Dump: Curated, password required CAPE Sandbox: Registration required Das Malwerk Hatching Triage: Registration requ
MALWARE TRAFFIC PATTERNS
9002..................wx....9002..................wx....9002....................... 9002..................wx....9002..................wx....9002........................9002........!............. .....9002..... .............p.....MZ..................@..:...X..'........!..L.!This program cannot be run in DOS mode.
Library of Malware Traffic Patterns
Update February 2015 Use the new link below for a new interface and updates. Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize malware traffic patterns has been always an important skill for anyone tasked with network defense. The number of malware analy
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
VMware NSX Security Solutions
http://www.iwsec.org/mws/2010/manuscript/2A1-1.pdf
Open Malware
Downloaders and Decoys | Fortinet Blog
DRAKVUF® Black-box Binary Analysis System
Index page - KernelMode.info
Cisco Secure Malware Analytics (Threat Grid)