Thanks for coming researcher

Lastest Posts:

NanoCore RAT

post @ 2021-10-28
NanoCore RAT

_Overview

NanoCore is a RAT (Remote Admin Tool) used by cybercriminal groups such as APT33 (Refined Kitten) whose InitialAccess is varied, although it has been most commonly used through fake emails with .zipx extensions or with fake formats, which is commonly called phishing (T1566) or in this case, since it contains a file in the email and its objective is execution on disk to go further, it would be more accurate to call it Spearphishing (T1566.001).

The main potential of NanoCore is usually to steal data from the computer and user once it has gained access to the disk, but once it is inside, it could perform any action from the outside, and, of course it depends of version.

To this analysis, I have divided into two parts, which is usually a common practice in which we observe first statically everything we can get in the shortest possible time and then a dynamic in which we will see how it behaves, although, we will lose information if we do not monitor properly or not debug.

Read More

Babuk | Babyk

post @ 2021-05-09
Babuk | Babyk

_Babuk | Babyk Ransomware

One of the biggest current threats in terms of cybersecurity and the one that most concerns companies today is the Ransomware attack, its power be on encrypting as much as posible, regarding some exclusions and try to expand into a company to do as much damage as possible and request a ransom based on extortion. Babuk a ransomware with a short lifespan, is the first one in 2021.

Distinguished by a little perfected behaviour, it has already appeared in some companies, requesting for ransoms, like all the previous Ransomwares.

An example of this is the attack to Serco and PhoneHouse, in which, after cypher computers, they requested near 100.000$ through Bitcoin, the extorsión tryies to publicy sensitive and privacy content about clients, something that would cause any company to lose customers

Read More
⬆︎TOP