People learn by doing, hence the saying "practice makes perfect". Not everything that people make is published. Sometimes researchers deliberately refrain from publishing specific material. In this blog, I want to talk about the balance between malware creation and malware research. Needless to say, the type of creation that is covered in this blog is …
MageCart groups have been roaming around for a while, infecting web shops left and right. Researchers have looked into the technical aspects of the skimmers, as have I. The recent COVID-19 pandemic opened up the playing field even further, which both criminals and researchers saw. Malwarebytes’ Jérôme Segura reported that there was a 26% increase …
Additions: Added the Corona Locker article to the Malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
MalPull version 1.0-stable has been released! All information about the tool can be found here. This first release contains the basic functionality, but more features can always be added. Feel free to suggest features via the contact methods at the bottom of this post. Bugs can be reported in the same manner. To contact me, …
In AndroidProjectCreator 1.3.1-stable, a bug where spaces in path names would be interpreted as multiple command line arguments has been fixed. This happens more often on the Windows platform, as a lot of users use their first and last name as their username. As such, there is a space in the path. The code has …
Additions: Added the Azorult loader stages article to the Malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Updates: Added Malware Bazaar to the Obtaining samples article. Added Malware Bazaar and MalShare as sample-download options for the following posts: Browser plug-in, Dot Net RAT, Android SMS Stealer, LNK & ISESteroids Powershell dropper, Emotet droppers, Corona DDoS bot, and Automatic string formatting deobfuscation. To contact me, you can e-mail me at …
In March 2019, I started within the threat intelligence team of ABN AMRO. In this blog, I’ll look back on my first year of working as a threat intelligence analyst. Before diving into that, I’ll provide some background on what I looked for in a job, and what working in a threat intelligence team embodies. …
This is the fourth blog with details on the activities of MageCart 12. In this article, yet another part of their ongoing campaign is uncovered. The number of infected sites for this campaign is higher than in the previous cases. Before diving into the infected sites, and the rough duration of the infections, information regarding …