unSafe.sh - Not Safe
From ERMAC to Hook: Investigating the technical differences between two Android malware variants
Authored by Joshua Kamp (main author) and Alberto Segura. Summary: Hook and ERMAC are Andro...
2023-9-11 17:05:30 | Reads: 12 | Fox-IT International blog - blog.fox-it.com
Tags: ermac, victim, c2, decompiled
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScaler...
2023-8-15 21:29:56 | Reads: 20 | Fox-IT International blog - blog.fox-it.com
Tags: netscalers, citrix, divd, 3519, netscaler
From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager
During a recent incident response case, we found traces of an adversary leveraging ConnectWise R...
2023-2-22 18:18:13 | Reads: 28 | Fox-IT International blog - blog.fox-it.com
Tags: r1soft, software, malicious, backup, zk
Threat spotlight: Hydra
This publication is part of our Annual Threat Monitor report that was released on the 8th of Feb...
2023-2-15 21:31:15 | Reads: 17 | Fox-IT International blog - blog.fox-it.com
Tags: c2, hydra, tas, injections, github
CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet
Authored by Yun Zheng Hu. Recently, two critical vulnerabilities were reported in Citrix ADC a...
2022-12-28 19:15:32 | Reads: 58 | Fox-IT International blog - blog.fox-it.com
Tags: citrix, adc, netscaler, qcow2, vpx
One Year Since Log4Shell: Lessons Learned for the next ‘code red’
Authored by Edwin van Vliet and Max Groot. One year ago, Fox-IT and NCC Group released their b...
2022-12-12 16:03:26 | Reads: 20 | Fox-IT International blog - blog.fox-it.com
Tags: log4shell, security, network, software, emergency
I’m in your hypervisor, collecting your evidence
Authored by Erik Schamper. Data acquisition during incident response engagements is always a b...
2022-10-18 23:01:35 | Reads: 16 | blog.fox-it.com
Tags: vmfs, dissect, acquire, machine, acquisition
Sharkbot is back in Google Play
Authored by Alberto Segura (main author) and Mike Stokkel (co-author). Introduction: After w...
2022-9-2 19:07:31 | Reads: 20 | blog.fox-it.com
Tags: sharkbot, c2, victim
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
Max Groot & Ruud van Luijk. TL;DR: A recently uncovered malware sample dubbed ‘Saitama’ was...
2022-8-12 00:05:12 | Reads: 22 | blog.fox-it.com
Tags: saitama, c2, client, fox, tunnelling
Flubot: the evolution of a notorious Android Banking Malware
Authored by Alberto Segura (main author) and Rolf Govers (co-author). Summary: Flubot is an...
2022-6-30 01:16:34 | Reads: 34 | blog.fox-it.com
Tags: flubot, tas, c2, smishing, dga
Adventures in the land of BumbleBee
Authored by: Nikolaos Totosis, Nikolaos Pantazopoulos and Mike Stokkel...
2022-4-29 19:14:10 | Reads: 20 | blog.fox-it.com
Tags: bumblebee, network, loader, analysis, windows
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Ex...
2022-3-4 03:23:28 | Reads: 38 | blog.fox-it.com
Tags: sharkbot, c2, ats, transfers
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
tl;dr Run our new tool by adding -javaagent:log4j-jndi-be-gone-1.0.0-stand...
2021-12-14 07:11:44 | Reads: 14 | blog.fox-it.com
Tags: log4j, jndi, log4shell, jndilookup, javaagent
Log4Shell: Reconnaissance and post exploitation network detection
Note: This blogpost will be live-updated with new information. NCC Group’s RIFT is intending to...
2021-12-12 19:16:00 | Reads: 11 | blog.fox-it.com
Tags: log4j, fox, threshold, 3600, srt
Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
Author: Margit Hazenbroek. tl;dr: An approach to detecting suspicious TLS certificates using...
2021-12-7 15:18:56 | Reads: 10 | blog.fox-it.com
Tags: malicious, anomaly, trees, mass, network
Tracking a P2P network related to TA505
This post is by Nikolaos Pantazopoulos and Michael Sandee. For the past few months NCC Gro...
2021-12-2 09:34:06 | Reads: 12 | blog.fox-it.com
Tags: network, grace, payload, ta505, php
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
NCC Group’s global Cyber Incident Response Team have observed an increase in Clop ransomware vic...
2021-11-8 16:30:13 | Reads: 11 | blog.fox-it.com
Tags: serv, clsid, powershell, ssh, microsoft
Reverse engineering and decrypting CyberArk vault credential files
Author: Jelle Vergeer. This blog will be a technical deep-dive into Cybe...
2021-10-12 07:42:06 | Reads: 8 | blog.fox-it.com
Tags: cyberark, software, encryption, restriction
SnapMC skips ransomware, steals data
Over the past few months NCC Group has observed an increasing number of da...
2021-10-11 19:15:00 | Reads: 8 | blog.fox-it.com
Tags: windows, snapmc, extortion, victim, software
RM3 – Curiosities of the wildest banking malware
fumik0_ & the RIFT Team. TL;DR: Our Research and Intelligence Fusion Team have been tracking...
2021-05-04 23:47:41 | Reads: 123 | blog.fox-it.com
Tags: rm3, 856b0d0, isfb, loader, bots