tildedennis
Blog of Dennis Schwarz (http://www.blogger.com/profile/04492727236131376708)
Feed last updated 2024-03-12

Posts, newest first. Each entry gives the publication date, the post title, the link the post pointed to, and any note the post carried about the author's role.

2022-12-06  Technical Analysis of DanaBot Obfuscation Techniques
            https://www.zscaler.com/blogs/security-research/technical-analysis-danabot-obfuscation-techniques

2022-04-28  Peeking into PrivateLoader
            https://www.zscaler.com/blogs/security-research/peeking-privateloader

2022-03-02  DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
            https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense

2021-12-13  Return of Emotet: Malware Analysis
            https://www.zscaler.com/blogs/security-research/return-emotet-malware-analysis

2021-11-05  Spike in DanaBot Malware Activity
            https://www.zscaler.com/blogs/security-research/spike-danabot-malware-activity

2021-06-24  JSSLoader: Recoded and Reloaded (co-author)
            https://www.proofpoint.com/us/blog/threat-insight/jssloader-recoded-and-reloaded

2021-06-17  New TA402 Molerats Malware Targets Governments in the Middle East (co-author)
            https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east

2021-03-11  NimzaLoader: TA800's New Initial Access Malware
            https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware

2021-01-26  New Year, New Version of DanaBot
            https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

2020-06-11  FlowCloud Version 4.1.3 Malware Analysis
            https://www.proofpoint.com/us/blog/threat-insight/flowcloud-version-413-malware-analysis

2020-06-10  TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware (FlowCloud malware reversing)
            https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new

2020-05-21  There is always a Zeus.
            https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns

2019-12-29  zeusmuseum.
            https://zeusmuseum.com/
            #zeus #malware #history

2019-12-05  Buer, a new loader emerges in the underground marketplace (co-author)
            https://www.proofpoint.com/us/threat-insight/post/buer-new-loader-emerges-underground-marketplace

2019-10-16  TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
            https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader

2019-08-01  LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards (LookBack malware reversing)
            https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks

2019-07-24  Chinese APT "Operation LagTime IT" Targets Government Information Technology Agencies in Eastern Asia (Cotx RAT malware reversing)
            https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology

2019-07-02  AndroMut Downloader (co-author)
            https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south

2019-06-09  Cryptopals Set 2: Block crypto
            Set 2 is up on GitHub: https://github.com/tildedennis/cryptopals/tree/master/set_2

2019-05-09  Steal or Get Off the KPOT
            https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal

2019-04-07  Cryptopals Set 1: Basics
            Working my way through the Cryptopals crypto challenges (https://cryptopals.com/) using Python. Set 1 is up on GitHub: https://github.com/tildedennis/cryptopals/tree/master/set_1

2019-03-13  DanaBot control panel revealed
            https://www.proofpoint.com/us/threat-insight/post/danabot-control-panel-revealed

2019-01-09  ServHelper and FlawedGrace - New malware introduced by TA505 (co-author)
            https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505

2018-12-08  Everything Panda Banker
            "Everything Panda Banker" slides from Botconf 2018: https://github.com/EmergingThreats/threatresearch/blob/master/talks/botconf_2018_everything_panda_banker.pptx

2018-11-19  tRat: New modular RAT appears in multiple email campaigns (did the malware reversing for this post)
            https://www.proofpoint.com/us/threat-insight/post/trat-new-modular-rat-appears-multiple-email-campaigns