We have released the OIC-CERT Malware Trend Report covering the period January to June 2018. Please download the report using the URL below: OIC CERT Malware Trend Report H1 2018 Reference: https://www.oic-cert.org/en/malwarereport.html
LebahNET 2.0 – Distributed Honeypot Network
Author: Nasim/Ramadhan/Hafiz/Shuaib. Introduction: Security practitioners develop ways to detect cyber attacks that pose a potential risk to Internet users. The aim is to secure vulnerable computer systems, provide alerts to the community, and learn how such attacks occur. One of the ways of detecting such malicious attacks is developing […]
TOR Based APK Trojan
Several security firms recently discovered TOR-based malware on the Android platform. When we received the sample, we made a quick analysis of it. MD5: 58FED8B5B549BE7ECBFBC6C63B84A728 SHA-1: 2E6DBFA85186AF23A598694D2667207A254F8979 The sample has been reported to have C&C capability using an unusual top-level domain (.onion). This TLD is normally reachable only through TOR. The use of Orbot TOR […]
From Facebook App to Botnet
MyCERT has received a couple of reports of a new variant of Facebook malware spreading in the wild. It propagates through a Facebook application. The malware also targets users with messages on Facebook that link to a fake Facebook photo page. The site is designed to appear that the user is […]
Forensic Challenge 2010/6 – Analyzing Malicious Portable Destructive Files is now live
Another challenge is ready to be tackled by forensic analysts, students and hackers alike. This time, we present you with an attack vector that has become quite successful: malicious PDF files! For challenge 6 of our series (provided by Mahmud Ab Rahman and Ahmad Azizan Idris from the Malaysia Honeynet Project Chapter) we present you […]
IDA Pro: IDC Script for Decrypting VB Obfuscated Malware
I was playing with a piece of malware with Jun Yee and we came across an obfuscated string in the VB code. The malware itself was written in Microsoft Visual Basic 6. It has a feature that allows the malware to overwrite itself after execution just to make it a bit stealthier. Additionally, the virus […]
Application Programming Interface for VirusTotal
VirusTotal has become a very useful point of reference for determining whether a file is malicious or not. Viewed from the front end, VirusTotal has assembled well-known antivirus products as engines that report the status of a file being checked. Its effectiveness is evident in the robustness of a verdict, where cross-referencing between all […]
(Yet Another) Quick Botnet Analysis
Botnets are networks of malware-infected machines that are controlled by an adversary. Our approach to studying this botnet is to perform active analysis using an actual malware sample: infecting a machine and observing its activities. As we probe deeper into the network traffic captured with Wireshark, we find very detailed IRC functionality, attack […]
Update for Gallus Nov 3, 2010
Here are some of the major changes in the recent Gallus release: improved extraction of malformed PDF object structures; CAPTCHA added to sample submission; the VirusTotal API integrated as a ‘two-factor verification’ of sample analysis; support added for Adobe LibTIFF exploit analysis and detection. If you happen to come across errors or bugs while using Gallus, feel free […]
No endstream, no endobj, no worries
In analyzing malicious PDF documents, being able to understand the format of the object structure is definitely useful. In order to look for malicious content inside the file, we may need to go through several steps, one of which is interpreting the PDF object structure. A PDF object is enclosed by “obj” and “endobj”. Between […]