#malwarebazaar — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #malwarebazaar, aggregated by home.social.
-
RE: https://infosec.exchange/@_r_netsec/116220859869337905
Wow, nice work.
I wonder who the author is. A very interesting technical read.
A static analysis complemented by behavioral network monitoring that digs into the guts of the macOS infostealer worm injected into a VS Code plugin during the Glassworm v2 campaign. 👀 It's hefty and resilient, with a nice split of the theft tasks between AppleScript and Node.js. :amaze:
The deobfuscated samples have also been made available on #malwarebazaar
https://bazaar.abuse.ch/sample/d72c1c75958ad7c68ef2fb2480fa9ebe185e457f3b62047b31565857fa06a51a/
#CyberVeille #MacSecurity #macOS #Malware #ThreatIntel #Glassworm
👇
-
Malware samples ⬆️ over the last 30 days (19.18%), 👾 #Mirai remains #1 for samples shared (3,805), and a BIG shout out to "JAMESWT_MHT" our top contributor with 975 samples shared!! 💪
Malware Digest | MalwareBazaar:
👉 https://www.spamhaus.org/malware-digest/#malwarebazaar
-
Malware samples were ⬆️ in August (+49.56%), 👾 #Mirai remains #1 for samples shared (806), and a BIG shout out to top contributor “Bitsight” for sharing 850 samples, that's a +87% ⬆️ 💪
👉 Malware Digest | MalwareBazaar: https://www.spamhaus.org/malware-digest/#malwarebazaar
All the data in this report is provided by @[email protected], a project committed to fighting abuse on the internet.
-
Malware samples were ⬆️ in May (11.75%) and 👾 #Mirai is back in the top spot for no. of samples shared (1,036). Meanwhile, ⚡ #CobaltStrike is #1 for IOCs shared.
Malware Bazaar | samples shared:
👉 https://www.spamhaus.org/malware-digest/#malwarebazaar
ThreatFox | IOCs shared:
👉 https://www.spamhaus.org/malware-digest/#threatfox
All the data in this report is provided by abuse.ch.
-
Updated #mlget (cli tool for downloading #malware from a variety of sources).
Added:
- Download ability from #AssemblyLine instances
- Find the correct file from #Triage when the file downloaded from Triage contains multiple files in the archive (and one of them should be the file being sought after)
- Fixed issue with #MalwareBazaar. MalwareBazaar needs to have the trailing slash on their API URL or it will do a redirect and mlget doesn't like it. The fix can either be done by adding the trailing slash to the .mlget.yml file or let the code adjust the call for you.
Grab the latest copy here: https://github.com/xorhex/mlget/releases/tag/v3.2.1_1
-
We do share our malware samples now on #MalwareBazaar @abuse_ch
https://bazaar.abuse.ch/user/8715/
-
@abuse_ch
Seen some confusion about this - Just wanted to share that (for me at least) the API keys already generated for abuse.ch services (including #ThreatFox and #MalwareBazaar) still work 👍
-
A lnk file that downloads JavaScript from #malwarebazaar. This one uses lolbins like certutil for base64 decode, bitsadmin for download, and colorcpl for file copy. Also lots of JavaScript charcode obfuscation.
-
We have just published our report for December 2022, providing you some insights into malware trends across our platforms, including #URLhaus and #MalwareBazaar 🪲🔎👀
-
Just pushed an update for malwarebazaar, my little Python/CLI API client for @abuse_ch #MalwareBazaar. Originally just used for querying bazaar itself, now it's possible to query #YARAify, too. Additionally the CLI was updated to provide a richer (haha - https://rich.readthedocs.io/) output. You can find the new version on Github (https://github.com/3c7/bazaar/releases/tag/v0.2.0) and on PyPI via `malwarebazaar`.
-
Some additions, improvements, and fixes coming to #mlget soon.
https://github.com/xorhex/mlget
Mlget is a #malware downloader, allowing you to download from the following services:
#capesandbox
#filescanio
#hybridanalysis
#inquests
#joesandbox
#malpedia
#malshare / @malshare
#malwarebazaar
#mwdb
#objectivesee
#polyswarm
#triage
#unpacme
#urlscanio <-- NEW ADDITION COMING
#vt / #virustotal
#vxshare / @VXShare
It can also download and automatically upload to an MWDB instance of your choice.