Crypto Scams: Hacking Campaigns Compromise Coinbase Accounts
Cryptocurrency scams in the form of phishing attacks are a widespread and significant threat to people who use digital wallets like Coinbase and Exodus. These attacks are designed to deceive users into divulging personal information through counterfeit login pages for cryptocurrency exchanges. The ultimate goal of these attacks is to steal sensitive user information, such as login credentials. Cryptocurrency accounts without two-factor or other forms of multifactor authentication are particularly susceptible to these attacks. Attackers can also use phishing tactics to trick users into downloading and installing harmful software or malware that can be used to drain cryptocurrency wallets. Therefore, it's crucial to be vigilant and take appropriate measures to safeguard personal information and digital assets from these types of attacks.
Footsteps of WMIGhost - Advanced Malware Continues to Abuse Windows Management Instrumentation (WMI)
While threat hunting a JavaScript file was discovered resembling components of WMIGhost, known as Wimmie/Syndicasec and frequently attributed to the Thrip APT group. This Malware, designed for Microsoft Windows, leverages the Microsoft Windows Management Instrumentation (WMI) to extract information about the infected host then sending WMI data to the attacker's command-and-control (C2) server.
Exploring Ransomware Samples Written As Windows Batch File / HTA Hybrids
A Ransomware attack is an attack deployed by malware that weaponizes encryption to encrypt a victim's files and other data to prevent the victim from accessing their data. At the same time, the ransomware operators demand, through a ransom note, something of value (often money or cryptocurrency, such as Bitcoin) for the key to decrypt the files. Ransomware attacks are a common problem for businesses and individuals worldwide as malicious actors use ransomware infections to profit by holding data hostage. In a recent study, 73% of organizations were hit by ransomware, with a third saying they were hit more than once. Ransomware variants and the threat actors who deploy them continue to affect the largest companies worldwide, such as the ransomware attack on MGM by the ALPHV/BlackCat ransomware group. The most sophisticated ransomware attacks involve complex attack chains with the following: social engineering attacks, phishing emails, malware/viruses, and zero-day and/or n-day exploits.
Scanning Files With Regular Expressions (RegEx) In Rust
This article shows you how to easily scan the contents of files using Regular Expressions (RegEx) using the Rust language. Rust implements a regular expression engine similar to many other regex engines such as Perl Compatible Regular Expressions (PCRE) and ECMAScript but lacks features such as look-arounds and backreferences. You can visit the source code of the regex crate by visiting the Rust implementation of regular expressions on GitHub.
How To Compile YARA Rules & Scan With Files Rust
In this how-to I will show you how to easily compile yara rules and scan files using Rust. While VirusTotal does not have an official Rust implementation there is an experimental project hosted on GitHub. In this how-to we will use he yara-rust crate which provides the bindings around yara inspired by the popular yara-python library maintained by VirusTotal. Using this step-by-step guide we will install the yara-rust crate, compile a yara rule file as well as a yara rule string, and finally we will scan a file using yara-rust.
How to Install the YARA Malware Analysis Tool On Windows
YARA is an indispensable tool designed to identify malware, malicious, and suspicious elements based on defined patterns. YARA rules are text-based patterns that describe characteristics of files, such as specific byte sequences, strings, regular expressions, and more. In this comprehensive guide, we will delve into the step-by-step process of installing YARA on the Windows operating system. By the end of this tutorial, you'll have a clear understanding of how to harness YARA's capabilities to create custom rules, scan files and directories, and fortify your system's defenses against potential cyber threats.
Exploring Defense Evasion through Reflective Code Loading (T1620)
Reflective Code Loading, identified as T1620 within the MITRE ATT&CK matrix continues to be a prevalent defense evasion technique frequently encountered during routine threat hunting activities. It notably attains popularity in the context of loading .NET assemblies within the Windows operating system. This technique can be employed by threat actors to load numerous amounts of malicious software including, malware, ransomware, and exploits against known software vulnerabilities.
Decrypt Traffic with Mitmproxy & Wireshark
In some situations during your career as a security researcher or another area under the cybersecurity umbrella one may need the capability of decrypting application layer traffic such as HTTPS and WebSockets.
To decrypt HTTPS or WebSockets traffic, we can utilize mitmproxy to decrypt SSL/TLS and Wireshark to analyze that traffic. From a security context, we are essentially creating a man-in-the-middle condition locally.