Background After reviewing a Trend Micro report detailing a Gootkit Loader campaign targeting the Australian healthcare industry available here, I decided to have a look myself and see if I could spot anything interesting. I threw together some VT searches and two samples drew my eye right away. ... Read more 15 Jan 2023 - 3 minute read
Preamble This post is the capstone for @HuskyHacksMK’s Practical Malware Analysis & Triage course, course description. For the final report I chose to use the WannaCry sample from earlier in the course. Executive Summary WannaCry is a ransomware worm targeting Windows computers. This malware encrypts files on the victim computer and dema... Read more 08 Jan 2023 - 1 minute read
Note: I have no special visibility into the Nauru leaks, all of the information I have used in this analysis is publicly available and a list of references is at the end of the post. TL;DR Law changes in Australia and NZ have affected Chinese influence operations. Russian successes (at least perceived successes) have provided the CC... Read more 09 Jul 2022 - 8 minute read
Analysis of helium-ack-golf-friend helium-ack-golf-friend is a sample I downloaded from MalwareBazaar that was uploaded by @teamffowlaw2, a link to the sample is below. Sample source: https://bazaar.abuse.ch/sample/01e38278ae884c2ebacd3b4ca31e17aa55eb7385b6f23b623d9885ee9bce23e8/ Static Analysis File Hashes I pulled the below hashes using ... Read more 13 Feb 2022 - less than 1 minute read
Analysis of lemon-mockingbird-north-alanine asparagus-potato-london-march is a sample I downloaded from MalwareBazaar that was uploaded by @Cryptolaemus1, a link to the sample is below. The bulk of this analysis is based on techniques I have learned from @HuskyHacksMK’s Practical Malware Analysis & Triage course. Sample source: https://baz... Read more 30 Jan 2022 - 5 minute read