Ferdous Saljooki
@malwarezoo
macOS Threat and Detections Research @JamfSoftware Opinions are my own.
ID: 870794599085879298
03-06-2017 00:09:45
380 Tweets
636 Followers
414 Following
In this new article from DefSecSentinel, we explore just how easy it is to write detection rules for Elastic Security! Check out the detections we wrote for UltraEdit, which was surfaced by MalwareHunterTeam back in January: go.es.io/3wYg6TS
MalwareHunterTeam Thanks for the @ 🥰🙏🏽 Appears to be a native build of the DPRK's "BeaverTail" (previously distributed via JS, and analyzed by Palo Alto Networks). Just posted my analysis: objective-see.org/blog/blog_0x7A…
MalwareHunterTeam Patrick Wardle Florian Roth it's rustbuck, related pdf 743bd4c36afdcfaff4508fd613a4f4eee71d2e0bc5a31deb1c170d1039c953ae, found in hxxps://filedn.com/lY24cv0IfefboNEIN0I9gqR/, old xor key as in jamf.com/blog/bluenorof…, decrypted pdf 37e6d18ba339b3efa5dd26e143af8bbeb8eefabbc4cfab72e6150e3bc3290b31
Karlo Zanki ReversingLabs beat me to it with a great write-up, referenced in the blog, but I found this #DPRK lure and its Python initial access implementation very interesting, so I decided to do a technical deep dive write-up while looking more at why Python is so attractive.