| // Simple Example to Demostrate working of cpuid by priting the cpu vendor name using inline assembly | |
| #include <stdio.h> | |
| int main() | |
| { | |
| char cpuVendor[20]; | |
| char* CPUvendor = (char*)cpuVendor; | |
| __asm { | |
| mov edi, CPUvendor; |
| # C2 FQDNs | |
| first seen fqdn | |
| 2019-12-11 23:37:10 updatemanagir.us | |
| 2019-12-20 17:51:05 cmdupdatewin.com | |
| 2019-12-26 18:03:27 scrservallinst.info | |
| 2020-01-10 00:33:57 winsystemupdate.com | |
| 2020-01-11 23:16:41 jomamba.best | |
| 2020-01-13 05:13:43 updatewinlsass.com | |
| 2020-01-16 11:38:53 winsysteminfo.com | |
| 2020-01-20 05:58:17 livecheckpointsrs.com |
Sup NERDS, This will gonna be my first article on AXIAL Blog 🥰. Today I will discuss malware will give u a gentle introduction to malware analysis in general. So What we will discuss in this article is:
Hello World, This Will Probably be My First Malware Report Where I will Reverse Ryuk Ransomware. So Before Getting into Technical Analysis and Reverse Engineering I will Provide Some Introduction to Ryuk. So let's First Discuss the CyberKillChain of Ryuk it goes typically like this:
1- An maldoc Contains a malicious macro that will execute PowerShell.
2- The PowerShell Command then Downloads Emotet Banking Trojan.
3- Emotet Then Downloads TrickBot
4- As A Typical Lateral Movement Activity TrickBot Downloads Ryuk
| import json | |
| # fn_name = "wsprintfW" | |
| # api_hash = 0x0B6D391AE | |
| export_db = {} | |
| def get_api_hash(fn_name): | |
| result = 0x2b | |
| for c in fn_name: |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace arrays | |
| { | |
| class Program | |
| { |
| Introduction: | |
| ========== | |
| Apt-16 also known as SVCMONDR is China based apt-group that established attacks between November 26, 2015, and December 1, 2015. Their Goals Was mainly Cyber-Espionage and Data Theft. | |
| Targets: | |
| ======= | |
| There attacks focused on two countries Taiwan and Japan. They Targeted 4 Industries Government, Media, Finance and High-Tech. |
| Introduction: | |
| ========== | |
| Apt-16 also known as SVCMONDR is China based apt-group that established attacks between November 26, 2015, and December 1, 2015. Their Goals Was mainly Cyber-Espionage and Data Theft. | |
| Targets: | |
| ======= | |
| There attacks focused on two countries Taiwan and Japan. They Targeted 4 Industries Government, Media, Finance and High-Tech. |
| Introduction: | |
| ========== | |
| . APT-18 also known as Dynamite Panda is China based apt group they mainly targeted United States their Goals were Cyber-Espionage and Data Theft. | |
| Targets: | |
| ======= | |
| . APT-18 Mainly Targeted United States they Targeted Multiple Industries including: Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, Transportation. |
GMAN is a Russian Based apt group. Their Campaigns Focused on the Finance Industry to transfer money from Banks to e-currency services. Their Attack Time Scale was since 2015 and in 2017 they was in active.
GCMAN has been Targetting Russian Banks since 2015 using Spearphishing.