Cyber&Ramen

More Cyber, Less Ramen

  • A Quick Look at ELF Bifrose (Part 1)

    Bifrose or Bifrost is a backdoor with a long history, initially targeting Windows systems. First identified in the early 2000s, it is believed that a hacking group (likely BlackTech) purchased the source code or gained access to it around 2010 and enhanced the malware for use in its own campaigns. BlackTech has long targeted both Windows […]

    Mike

    December 30, 2022
    INFOSEC
    APT, BlackTech, INFOSEC, Malware
  • So Long (Go)Daddy | Tracking BlackTech Infrastructure

    Summary BlackTech has built a reputation (much to the delight of defenders) for relying on tech-themed domains and predictable registration patterns. Recent reporting linking malicious domains to the actor suggests these patterns may be fading, at least for the time being, signifying a departure from the previous infrastructure configuration. Items to Note Background BlackTech, a.k.a. Huapi, […]

    Mike

    September 24, 2022
    INFOSEC
    INFOSEC
  • Analyzing Manjusaka Infrastructure

    21 August 2022 Recently, Avast tweeted a GitHub link of indicators of compromise (IOC) linked to the Manjusaka Framework. Cisco Talos released a blog earlier this month covering the framework in great detail, so I will not rehash their great work here. https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html Self-admittedly, I briefly glanced over the detection rules and scripts and immediately […]

    Mike

    August 21, 2022
    INFOSEC
    INFOSEC, Malware
  • Overview of AppleSeed Dropper

    02 June 2022 Summary The Kimsuky APT Group has routinely utilized the AppleSeed Backdoor to target various entities within South Korea, mainly for the purposes of espionage. While phishing still remains the primary vector of delivering the backdoor, over the past year, Kimsuky has gone to great lengths to disguise its attacks, utilizing numerous types […]

    Mike

    June 5, 2022
    INFOSEC
    APT, INFOSEC, Malware, NorthKorea
  • Analyzing the Royal Road to Space Pirates

    26 May 2022 While the actual blog post has been difficult to access for some, Positive Technologies released research on the Space Pirates APT group that has been spotted intruding on government, IT, and critical infrastructure networks in Russia, Georgia, and Mongolia. Believed to be operating since at least 2019, the Space Pirates group has […]

    Mike

    May 26, 2022
    INFOSEC
    APT, INFOSEC, Maldoc
  • Analysis of an Obfuscated RTF File

    15 May 2022 RTF SHA256: ac64adbfa128fd5f31bd922957942a1b80c56ee119791a29b939be04e1d7e2ba Filename: PO#JEL180409TH IR & JEL180409TH IRB.doc VirusTotal Score: 30/59 as of 12 May 2022 What’s An RTF? First released some 35 years ago, the Rich Text Format (RTF) file provides cross-platform support ensuring the document can be read and opened by a number of different word processing applications. As […]

    Mike

    May 15, 2022
    INFOSEC
  • Detecting COM Object Tasks Used by DarkHotel

    Background Adversaries frequently utilize scheduled tasks, a legitimate Windows operating system utility, to establish and maintain persistence and even execute code in a victim network. Scheduled tasks allow for persistence on a victim network between reboots as well as code execution when a certain condition is met (time, user logon, etc.). In this specific example, the adversary […]

    Mike

    March 30, 2022
    INFOSEC
    #APT, #INFOSEC, Maldoc, Malware
  • A Tale of Two Shells

    Although not utilized in attacks for initial access, web shells remain a go-to for all sorts of attackers, from cyber criminals to APTs, when it comes to post-exploitation. The server-side component of a web shell can be as short as one line of code, commonly in PHP. The China Chopper web shell has long been […]

    Mike

    February 18, 2022
    INFOSEC, Malware, Web Shell
  • Shortcut to Windows Update

    Summary On January 27, 2022, Malwarebytes Labs shared an article covering new tactics, including abusing the Windows Update Client for code execution, believed to be the work of Lazarus. The purpose of this post will be to cover possible detection points for defenders to identify adversaries misusing the Windows Update Client. Please give the blog […]

    Mike

    February 4, 2022
    INFOSEC
    INFOSEC, Lazarus, lolbin, Malware
  • Analysis of a DLL Downloader

    Summary SHA256: dedb8516befa4a5088000b8c7f699dae7f33761403dd355a14684ac89ff56a9a Filename: Unknown Filetype: DLL File size: 39KB From here on, the above DLL will be referred to as “downloader.dll”. The file is capable of: Downloading files Interacting with a C2 server Malware Overview This is an older file that was first identified around October 2021. Downloader.dll is a downloader capable of downloading […]

    Mike

    January 23, 2022
    INFOSEC