Blog / Engineering / Using Wazuh to detect Remcos RAT
...C:\Program Files (x86)\ossec-agent\active-response\bin\yara\rules\yara_rules.yar file and add the following Remcos RAT YARA rules: rule Remcos_RAT { meta: Author = "Benjamin Nworah" Description = "Detect Remcos RAT" Reference = "Personal Research" Date...
Blog / Engineering / Daolpu infostealer detection and response with Wazuh
..."Benjamin Nworah" Description = "Detect Daolpu malware" Date = "16-08-2024" Hash1 = "3a9323a939fbecbc6d0ceb5c1e1f3ebde91e9f186b46fdf3ba1aee03d1d41cd8" Hash2 = "4ad9845e691dd415420e0c253ba452772495c0b971f48294b54631e79a22644a" strings: $a1 = "D:\\c++\\Mal_Cookie_x64\\x64\\Release\\mscorsvc.pdb" $a2 = "C:\\Windows\\Temp\\result.txt" condition: all of ($a*) } 5. Edit...
Blog / Engineering / How Wazuh detects and responds to Mint Stealer
...YARA rule to detect the Mint Stealer malware: rule MintStealer { meta: Author = "Benjamin Nworah" Description = "Detect Mint Stealer malware" Date = "13-09-2024" Hash1 = "1064ab9e734628e74c580c5aba71e4660ee3ed68db71f6aa81e30f148a5080fa" // SHA-256...
Blog / Engineering / STRRAT detection with Wazuh
STRRAT is a Java-based remote access trojan (RAT) that provides threat actors with full remote control of infected Windows endpoints. STRRAT focuses on stealing credentials from browsers and email clients...
Blog / Engineering / Detecting Vidar infostealer with Wazuh
Vidar is infostealer malware that steals sensitive information from cryptocurrency wallets, web browsers, and other applications like WinSCP, Telegram, and Authy 2FA on infected Windows endpoints. It can collect...
Blog / Engineering / Monitoring DHCP starvation attack with Suricata and Wazuh
A DHCP starvation attack occurs when a malicious actor floods a DHCP server with a large number of DHCP DISCOVER packets with spoofed MAC addresses. This action exhausts all the...
Blog / Engineering / Detecting Amadey malware with Wazuh
Amadey is malware that steals sensitive information from infected Windows endpoints. This malware was first discovered in 2018 and has maintained a persistent botnet infrastructure since then. It has...
Blog / Engineering / Detecting vulnerabilities in container images using Amazon ECR and Wazuh
Amazon Elastic Container Registry (ECR) is an Amazon Web Services (AWS) managed container image registry service that stores, shares, and deploys container images. Amazon ECR provides an image scanning feature...
Blog / Engineering / Monitoring AWS Managed Microsoft Active Directory with Wazuh
AWS Managed Microsoft Active Directory (AD) is an AWS Directory Service that provides users, businesses, and organizations different options to use Microsoft Active Directory (AD) with other AWS services. AWS...
Blog / Engineering / Monitoring PostgreSQL database with Wazuh
PostgreSQL is an open source, highly stable database management system that uses several features to securely store and scale data workloads. PostgreSQL is supported by major operating systems such as...
Blog / Releases / Introducing Wazuh 4.8.0
We are thrilled to announce the release of Wazuh 4.8.0. This update introduces a rework of the Wazuh Vulnerability Detector module and improvements to the Wazuh dashboard user interface (UI)...