MAECO-Lite: Modular Ontology for Dynamic Malware Analysis

Capturing dynamic malware behavior in a practical but still semantically precise manner remains a significant challenge in cyber threat intelligence. While standards such as MAEC and STIX provide widely adopted vocabularies for describing malware artifacts and observations, they represent data wi...

A Novel Study on Intelligent Methods and Explainable AI for Dynamic Malware Analysis

Deep learning models are one of the security strategies, trained on extensive datasets, and play a critical role in detecting and responding to these threats by recognizing complex patterns in malicious code. However, the opaque nature of these models-often described as "black boxes"-makes their...

StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination

StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability to, for example, relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another...

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

Design/Logic Flaw

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

CVE-2019-13125

CVE-2019-13125 affects Tencent Habo/HaboMalHunter up to version 2.0.3. The root cause is a vulnerability related to PIE compilation that allows attackers to evade dynamic malware analysis, enabling bypass of sandbox analysis in the affected tool. Public documents describe the impact as bypassing ...

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

Malware Network Communication Provides Better Early Warning Signal

Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...