We have released the OIC-CERT Malware Trend Report covering the period of January to June 2018. Please download the report using the URL below: OIC CERT Malware Trend Report H1 2018 Reference: https://www.oic-cert.org/en/malwarereport.html
MyCERT PCAP Analyzer
We have released our MyCERT PCAP Analyzer (MyPCAPAnalyzer) to the public. It is initially based on Suricata and the Emerging Threats rules. You can give feedback for further improvement. Have fun. Example pictures as per below: Reference: MyPCAPAnalyzer
NanoSec x Wargames.MY CTF Write Up
Briefly, this is a simple write-up of what happened during the CTF games. I participated in the event just to have an enjoyable weekend, even though I was busy with family and celebrating my birthday. Cryptography : warming up 1 Question: jztl{y0y_f0_3nfl} Answer: wmgy{l0l_s0_3asy} Explanation: Use ROT13 to answer. Cryptography : warming up […]
TOR Based APK Trojan
Several security firms recently discovered TOR-based malware on the Android platform. Having received the sample, we did some quick analysis on it. MD5: 58FED8B5B549BE7ECBFBC6C63B84A728 SHA-1: 2E6DBFA85186AF23A598694D2667207A254F8979 The sample has been reported to have C&C capability using an unusual top-level domain name (.onion). This TLD is usually used by TOR. The use of Orbot TOR […]
Maybank Phishkit Analysis
Just a couple of days ago, we discovered a Maybank phishing kit that limits access to IP addresses from Malaysia only. The phishing kit is hosted on a server in the US. The restriction is implemented via the .htaccess file. Directory of C:\temp\xyz\xyz\m2u\abc 07/04/2011 12:43 PM . 07/04/2011 12:43 PM .. 27/01/2011 01:12 AM 8,701 […]
ProFTPD 1.3.3c Compromise: Trojan Source Code
On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace the source files for ProFTPD 1.3.3c with a version which […]
IDA Pro: IDC Script for Decrypting VB Obfuscated Malware
I was playing with a piece of malware with Jun Yee and we came across an obfuscated string in the VB code. The malware itself was written in Microsoft Visual Basic 6. It has a feature that allows the malware to overwrite itself after execution just to make it a bit stealthier. Additionally, the virus […]
No endstream, no endobj, no worries
When analyzing malicious PDF documents, being able to understand the format of the object structure is definitely useful. In order to look for malicious content inside the file, we may need to go through a process that includes interpreting the PDF object structure. A PDF object is enclosed by “obj” and “endobj”. Between […]
MyX1: SSDT Detector and Remover
MyCERT has developed a tool to detect and restore API addresses that have been changed by a rootkit. MyX1 SSDT Detector and Remover is part of our Malware Tracking project. Figure 1: Screenshot showing MyX1 SSDT The application relies on two (2) files that are used upon execution: 1. ssdt.sys is used to list all […]
LNK (Windows File Shortcut) Parser
CVE-2010-2568 requires a LNK file paired with a malicious DLL to cause harm. Feeling the urgency of parsing LNK files to trace any DLL they reference, we modified a small portion of the code from the Metasploit project to make it run independently of the Metasploit framework. The original code is here. The main […]