Posts by nex

9 min

Upcoming G20 Summit Fuels Espionage Operations

The international policy and financial community is in ferment for the upcoming G-20 summit, scheduled to kick-off in St Petersburg, Russia, in two weeks from now. The "Group of Twenty" consists of political leaders, finance ministers and bank governors from 19 economically-prominent countries, along with representatives of European Union institutions. The group has been meeting regularly every year since 2008 in private meetings where the participants discuss and agree on international financ

9 min Malware

ByeBye Shell and the targeting of Pakistan

Asia and South Asia are a theater for daily attacks and numerous ongoing espionage campaigns between neighboring countries, so many campaigns that it's hard to keep count. Recently I stumbled on yet another one, which appears to have been active since at least the beginning of the year, and seems mostly directed at Pakistani targets. In this article we're going to analyze the nature of the attacks, the functionality of the backdoor - here labelled as ByeBye Shell - and the quick interaction I h

15 min Malware

Skynet, a Tor-powered botnet straight from Reddit

While wandering through the dark alleys of the Internet we encountered an unusual malware artifact, something that we never observed before that gave us fun while we meticulously dissected it until late night. The more we spent time looking at it, the more it started to look unusually familiar. As a matter of fact it turned out being the exact same botnet that an audacious Reddit user of possible German origin named “throwaway236236” described in a very popular I Am A thread you can read here [

13 min Malware

Analysis of the FinFisher Lawful Interception Malware

It's all over the news once again: lawful interception malware discovered in the wild being used by government organizations for intelligence and surveillance activities. We saw it last year when the Chaos Computer Club unveiled a trojan being used by the federal government in Germany, WikiLeaks released a collection of related documents in the Spy Files, we read about an alleged offer from Gamma Group to provide the toolkit FinFisher to the Egyptian government, and we are reading once again now

4 min Malware

Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity

That's right, the much anticipated and long awaited 0.4 release is finally here! Just like divas arrive late at the gala, we took some more time than expected, but are now worthy of a triumphant entrance. If you're not familiar with Cuckoo Sandbox, it's an open source solution for automating malware analysis. What does that mean? Simply that you can throw any suspicious file at it and after a few seconds it will give you back detailed information on what that file does when executed inside a