Tracking Malware Campaigns Using String Metrics: bromium.com/tracking-malwa… #malware

If you're interested in malware analysis & RE, I highly recommend the #Zero2Hero course by Vitali Kremez and 0verfl0w. Props to SentinelOne for releasing ~7 hrs of content for free. It's community contributions like these that close the gap between defensive & offensive capability

#Emotet malspam activity resumed on 13 January 2020. This festive period its actors took a 21 day break, compared with 23 days in 2018/19. cc Cryptolaemus abuse.ch

The CfP for #bsidesbristol is officially open. This year we're accepting shorter talks (20 mins) as well as regular presentations (45 mins, including Q&A). If it's your first time presenting, we also have friendly mentors on hand to give advice and feedback.

Extremely informative overview of reverse engineering of “Ransomware as a Service” #Buran by Alex Bromium for Joint BCS Cybercrime Forensics OWASP® Foundation OWASP Cambridge UK ARU Cyber Research “Aspects Of Digital Forensics” Workshop ARU ARU Science & Engineering #cambridge on Wednesday 19th Feb

SPONSORS. We need your support. See our Sponsor Information Pack and levels available on our website. bsidesbristol.org.uk/sponsorship/ Let's make this happen!

I've been seeing a lot of #Nemty malspam activity lately.

A closer visualisation of the #Nemty campaign that targeted APAC organisations in February 2020.

At present we still intend to run the event at the end of July. We are monitoring the situation and will make a final call over the coming month.

Here's my write-up on changes to the #Aggah malspam campaign which looks at their mail infrastructure, lures, targets, PowerPoint Add-In dropper and Bitcoin stealer.

We're pleased to share the HP-Bromium Threat Insights Report for July 2020. Highlights include a look at the top document malware file types and office exploits we've seen in 2020 so far, and insights into recent #Aggah, #QakBot and #WannaMine campaigns. threatresearch.ext.hp.com/hp-bromium-thr…

Bromium's Patrick Schläpfer explains how to extract payload URLs from Dridex samples and provides a python script to do that threatresearch.ext.hp.com/dridex-malicio…

We saw high volumes of #Dridex malspam last week, showing up as three groups when clustering samples by filename similarity.

#PurpleFox EK now exploits CVE-2021-26411, demonstrating a short PoC-to-ITW time. On 12 April we isolated a sample from a HP Sure Click Enterprise customer in the Middle East. More details in our write-up by stoerchl on the HP Threat Research blog. threatresearch.ext.hp.com/purple-fox-exp…

We’re super excited to share our research into #opendir malware hunting and announce a new framework at #VBLOCALHOST Virus Bulletin this October! Hope to see many of you there.

New #PurpleFox EK campaign spotted in the wild. An IE Exploit was hosted on this domain: hxxps://feneffecsdoteteat.aixgedbubirtsabkhotsswse[.]shop C2 (registered on 25/07/2021): hxxps://8ze[.]me/u.php?id=1

We’ve just published YARA rules and Python scripts to our GitHub that detects and extracts #IcedID and #BazaLoader malware from Excel add-in (#XLL) files.