Reverse Engineering and Virus Analysis

It’s Turtles All The Way Down 🐢

Objective-See's research, tools, and writing are supported by the 'Friends of Objective-See' such as: ...

The "云即玩" emulator maliciously bundles rogue software; users should stay alert

Recently, Huorong (火绒) received user reports that, when downloading the PC version of an Android application from the pc6 download site, what actually gets installed is an emulator named "云即玩", and that this emulator bundles the rogue software "天空压缩". After...

HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web...

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an improper authorization vulnerability involving the Confluence Data Cente...

Malware analysis report: Stealc stealer – part 2

We continue to publish our analysis report of Stealc, an information stealer promoted by its supposed developer Plymouth on Russian-language underg...

Mobile Malware Analysis Part 5 – Analyzing An Infected Device

In the first part of iOS Malware Detection as a part of our Mobile Malware Analysis Series, we covered how to gather forensics artifacts, what to u...

Stay on guard: the 银狐 (Silver Fox) and 毒鼠 virus families have been active recently, spreading through messaging tools

Recently, Huorong (火绒) received reports from multiple users that their messaging tools had been remotely controlled and were automatically sending virus files with enticing names into group chats; if a group member carelessly clicks one, they fall into the same cycle. According to analysis by Huorong security engineers...

Analysis of a covert attack campaign disguised as MoviesWatch targeting Pakistan

1. Background overview: During routine hunting, the mobile threat intelligence team discovered an attack campaign using malicious samples disguised as MoviesWatch. The sample is developed from version V3 of the open-source DogRat spyware trojan, and...

Another backdoor virus targets Linux systems; Huorong can block it

Recently, Huorong's (火绒) threat intelligence system detected a backdoor-type virus targeting Linux systems; after investigation and analysis, it was determined to be related to the HelloBot family. HelloBot is a malware family targeting Linux systems that executes...

[Ransomware Protection] Cybersecurity threats against the backdrop of the Israel-Palestine conflict

Malicious file family: GhostLocker. Threat type: ransomware. Brief description: GhostLocker claims to be a groundbreaking enterprise-grade locker software that puts security and effectiveness first. GhostLocker adopts a "ransom...