Jump to content

explo1t

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by explo1t

  1. Recently, in a spam campaign targeted towards Bulgarian users, malicious JavaScript based Dreambot downloader was sent inside an archive file. The theme of the emails was related to "Notification of changes to Regulation for NRA" . NRA is the National Revenue Agency in Bulgaria (in Bulgarian it is: Национална агенция за приходите). http://www.pwncode.club/2017/09/dreambot-targeting-bulgarian-users.html
  2. Interesting method! Always useful to perform such tasks purely through assembly language instead of calling some API
  3. Nice writeup on Retefe Banking Trojan which is being spread through Word Documents to Swiss users. The article also describes in detail how Retefe Banking Trojan deploys TOR and Socat on the machine to setup a SOCKS proxy as a backdoor. http://www.pwncode.club/2017/09/deep-dive-into-retefe-banking-trojan.html
      • 2
      • Upvote
  4. An interesting writeup on an RTF variant of Document exploiting CVE-2017-8759. It shows different steps of analysis from basic analysis of the Exploit File to payload. http://www.pwncode.club/2017/09/rtf-based-variant-of-cve-2017-8759.html
      • 1
      • Upvote
  5. Interesting, this sounds very useful especially for analysing malwares which perform evasion based on the Environment they are executing in.
×
×
  • Create New...