malware analysis

  1. Threat Advisory: Understanding GRU Unit 29155's Cyber Operations and Mitigations

    Summary The advisory clarifies that cyber operations carried out by Unit 29155 are characterized by espionage, sabotage, and the intention to inflict reputational damage. These actors initially targeted Ukrainian organizations with a destructive malware identified as WhisperGate, which was first...
  2. NEWS The 'Joker' Virus: Everything You Need To Know – Updated December 2021

    The ‘Joker’ virus has been around since 2017, it has been a recurring thread to Android OS to this day. You’ve probably heard of this virus on more than one occasion. Considering that it surfaced two times in the last couple of months, we’ve decided to give you more detailed information about...
  3. AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

    Original release date: February 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts...
  4. AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

    Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to Link Removed...
  5. TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

    Original release date: May 29, 2018 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI...
  6. TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

    Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...
  7. TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

    Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...
  8. Windows 10 Creating your own file hashing "program"

    I personally need to generate file hashes quite a bit for verifying file integrity as well as analyzing malware samples. I really wanted to have code that I had complete control over so I wrote a short powershell script and some minor registry editing to set this up. Registry Change If you...