vti-cosplay: Low Budget VirusTotal Intelligence Cosplay
vti-cosplay parses a YARA rule then maps each entry to VirusTotal query, and merges individual results. Hence, it mimics YARA scan on the VirusTotal.…
In-Depth Analysis: Attack Vector That Triggered By Risk Board Game
During the analysis, the Risk game's rules and goals were observed. The findings lead to a Github account and then a repository. The comparison results lighting up a complex attack vector that is constructed by various stages and also utilizes steganography-like technique.…
In-Depth Analysis: Phishing RTF File That Drops Agent.Tesla Variant
The analyzed attack begins with RTF file named 'swift_copy.doc'. The attack vector uses lots of technologies for different steps until reaching to the actual stage that makes desired actions. In the end, it drops Agent.Tesla variant and it is capable enough to siphon...…
Late Night Show: Phishing Document That Targets NATO by APT28
The attack begins with a phishing document that mimics the brochure of the NATO STO (Science And Technology Organization) conference that organized in December 2018. The analyzed sample's second stage is a DLL file.…