Citadel 0.0.1.1 (Atmos)

Guys at JPCERT, thank you very much! They released an update to their Citadel decrypter to make it compatible with 0.0.1.1 samples. Citadel 0.0.1.1 doesn't have a lot of documentation, so the time has come to talk about it. Personally, I know this malware under the name 'Atmos' (be ready for a name war in 3, 2, 1...). The first sample…

Betabot retrospective

Some of you know Betabot. If you don't: http://www.ic3.gov/media/2013/130918.aspx. 1.0.2.5 panel: Dashboard, extended information, Search options, Tasks, Remove bot, Terminate bot till next reboot, Botkill, Socks4, Set browser homepage, Visit URL option, Update bot option, Download file option, DDoS cmd option, Formgrabber logs, logins, users, Settings, IP blacklist, List of DNS records to modify, Help. 1.5.0.0: Tasks, Statistics, Files, Users notice, AV Checker. 1.7.0.1: The botmaster was running a support site at the URL betabot.ru that I've monitored since...…

Alina ‘sparks’ source code review

I recently got my hands on the source code of Alina "sparks". The main 'improvement' that everyone is talking about, and which makes the price of this malware rise, is the rootkit feature. Josh Grunzweig already did an interesting coverage of a sample, but what is this new version worth? InjectedDLL.c from the…
