Archive | Malware


13 August 2014 | 6,030 views

ParanoiDF – PDF Analysis & Password Cracking Tool

ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more. We have posted about a few PDF related tools before, including the one this tool is based on: – peepdf – Analyze & […]

Continue Reading

04 August 2014 | 3,920 views

Windows Registry Infecting Malware Has NO Files

This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived […]

Continue Reading

16 July 2014 | 5,358 views

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: Be easy […]

Continue Reading

02 July 2014 | 2,063 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have […]

Continue Reading

28 May 2014 | 2,766 views

Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet

Pretty smart idea this one, we wrote about Yahoo! spreading Bitcoin mining malware back in January, but we haven’t really seen any of that type of activity since then. But this, this is a much better target audience – gamers with high powered GPUs! Especially as this is one of most hyped ‘next-gen’ games for […]

Continue Reading

20 May 2014 | 3,476 views

Hook Analyser 3.1 – Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet. Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features […]

Continue Reading

14 March 2014 | 1,595 views

NSA Large Scale TURBINE Malware Also Target Sysadmins

So more revelations coming out about the NSA from the latest batch of documents leaked by Edward Snowden. This time they detail a huge malware infection system created for widespread infections, it seems fairly advanced with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, […]

Continue Reading

06 March 2014 | 834 views

Target CIO Beth Jacob Resigns After Huge Breach

So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year. To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would […]

Continue Reading

14 February 2014 | 2,635 views

Azazel – Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hides remote […]

Continue Reading

12 February 2014 | 967 views

The Mask AKA Careto Espionage Malware

So the latest buzz going around is caused by a hacking group that appears to be Spanish and is called The Mask or Careto. The reason there is a fair amount of buzz is their next level espionage malware that has been targeting government institutions, diplomatic offices and embassies, energy, oil and gas companies, research […]

Continue Reading