linux-malware-toolbox

Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...

linux-malwares

Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...

APThreatHunter: An Automated Planning-Based Threat Hunting Framework

Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber thre...

EUVD-2015-8844

Malware in sbrugna...

MalEval Android Malware Evaluation Framework

This repository contains the source code of MalEval, an evaluation framework for Android malware behavior auditing, focusing on explaining and substantiating malicious behaviors. The framework provides expert-verified reports, curated metadata, and model outputs to enable reproducible evaluation ...

Secure Development of a Hooking-Based Deception Framework against Keylogging Techniques

Keyloggers remain a serious threat in modern cybersecurity, silently capturing user keystrokes to steal credentials and sensitive information. Traditional defenses focus mainly on detection and removal, which can halt malicious activity but do little to engage or mislead adversaries. In this pape...

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

This blog details our investigation of malware samples that conceal within them a FOG ransomware payload...

Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences

dynmx spoken dynamics is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces so called function logs originating from malware sandboxes. Hence, the data basis f...

Dissecting a Clever Malware Sample for Optimized Detection and Protection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

Can Business Cybersecurity Protection Outlay Offset Cybercrime Insurance?

What is cybercrime insurance? Business cybersecurity protection cybercrime insurance safeguards organizations from any financial losses relating to damage to or loss of information from, networks and IT systems. This may include reputation loss, the cost of business interruption, infringement of...

Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

A Windows living-off-the-land binary LOLBin known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade...

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

The U.S. Cyber Command USCYBERCOM on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of...

PMAT-labs - Labs For Practical Malware Analysis And Triage

Welcome to the labs for Practical Malware Analysis & Triage. WARNING Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course PMAT. These samples are either written to emulate common malware characteristics or a...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

l4j-info Compiling valuable links as I find them documenting C...

Telegram Platform Abused in 'ToxicEye' Malware Campaigns

Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...

Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more...

Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft. At its peak in August, Adrozek was observed on more than 30,000 devices each day, researchers found, affecting multiple browsers. The...

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor, " the malware has done an 'excellent' job of compromising systems as early as...