
3 posts tagged with "analysis"


· 5 min read
Jose Luis Sánchez Martínez

Summary

On October 16, a malicious file that could be related to the current Israel-Gaza conflict was uploaded to VT. The document is based on Joe Truzman's publication "IRAN AND ITS NETWORK OF NINETEEN TERRORIST ORGANIZATIONS ON ISRAEL'S BORDERS" on fdd.org and discusses terrorist organizations that receive funding, training, and weapons from Iran's Islamic Revolutionary Guard Corps.

The actor behind this document could not be determined; however, given the type of document and the characteristics analyzed, it could be an APT. As for the victims, they could be Israeli institutions.


warning

Information about the origin and destination of the document could not be confirmed. What has been described regarding suspected sponsors and victims is conjecture only.

· 20 min read
Jose Luis Sánchez Martínez

Summary

JPCERT/CC recently discovered attacks that infected routers in Japan with malware around February 2023.


This analysis focuses on the loaders they discovered:

  • 60bcd645450e4c846238cf0e7226dc40c84c96eba99f6b2cffcd0ab4a391c8b3
  • 3e44c807a25a56f4068b5b8186eee5002eed6f26d665a8b791c472ad154585d1

Some of the behaviors identified in the routers are generic enough to also appear in Linux endpoint intrusions. For that reason, I decided to analyze the samples and contribute to the Sigma community to identify new detection opportunities based on the samples and on JPCERT/CC's analysis.

info

The objective of the analysis is to provide information about the execution of these loaders and how we can detect them using Sigma rules.

· 12 min read
Jose Luis Sánchez Martínez

Summary

During 2019-2021 I focused on analyzing campaigns orchestrated by the APT-C-36 group and the RATs used by this group and by other cybercriminal groups, such as RemcosRAT, AsyncRAT, Imminent Monitor RAT, etc. In the last few months I have seen some modifications of TTPs in many of these families that caught my attention, and I wanted to analyze them to see what is new.

Therefore, in this entry we will go through the analysis of an AsyncRAT sample distributed in Colombia during the last month.

info

The objective of the analysis is to provide information on the execution of the binary, its genealogy, and related aspects, not to go into the details of the static analysis.