Blog / Engineering / Detecting malicious URLs using Wazuh and URLhaus
URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track, and share malware URLs, to help network administrators and security analysts protect their networks from cyber threats. URLhaus also offers an API to query information about malicious URLs. Integrating this API with Wazuh can help organizations improve their ability […]
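The lookup the teaser describes can be done with a small enrichment helper. The block below is an added example, not Wazuh's or abuse.ch's own integration code: it posts a URL to the documented URLhaus lookup endpoint, reduces the JSON answer to the fields worth putting in an alert, and pulls candidate URLs out of a log line. The two sample responses are constructed for the example, and the response field names (query_status, threat, url_status, tags, payloads, urlhaus_reference) are taken from the URLhaus API as I know it and should be checked against the current API documentation before relying on them.

```python
"""URLhaus enrichment helper (added example; not Wazuh or abuse.ch project code)."""
import json
import re
import sys
import urllib.parse
import urllib.request

URLHAUS_API = "https://urlhaus-api.abuse.ch/v1/url/"  # documented URLhaus URL lookup endpoint

# Matches http(s) URLs in free text such as a proxy or DNS log line (assumption: good enough
# for log extraction; it deliberately stops at whitespace and quote characters).
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_urls(log_line: str) -> list:
    """Return the distinct URLs found in a log line, in order of first appearance."""
    seen, out = set(), []
    for url in URL_RE.findall(log_line):
        url = url.rstrip(".,;)")  # strip trailing punctuation common in log text
        if url not in seen:
            seen.add(url)
            out.append(url)
    return out


def query_urlhaus(url: str, timeout: float = 10.0) -> dict:
    """POST a URL to URLhaus and return the decoded JSON response (needs network access)."""
    data = urllib.parse.urlencode({"url": url}).encode()
    req = urllib.request.Request(URLHAUS_API, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def enrich(response: dict) -> dict:
    """Reduce a URLhaus response to the fields an analyst wants attached to an alert."""
    status = response.get("query_status")
    if status != "ok":
        # "no_results" means URLhaus has no record of the URL; "invalid_url" means bad input.
        return {"known_malicious": False, "query_status": status}
    payloads = response.get("payloads") or []
    return {
        "known_malicious": True,
        "query_status": status,
        "threat": response.get("threat"),            # e.g. "malware_download"
        "url_status": response.get("url_status"),    # "online" or "offline"
        "tags": response.get("tags") or [],
        "first_seen": response.get("date_added"),
        "payload_sha256": [p["response_sha256"] for p in payloads if p.get("response_sha256")],
        "reference": response.get("urlhaus_reference"),
    }


# Constructed sample responses in the shape of the URLhaus API (not real lookups).
SAMPLE_HIT = {
    "query_status": "ok",
    "url": "http://example.invalid/update.exe",
    "url_status": "online",
    "date_added": "2022-03-01 10:00:00 UTC",
    "threat": "malware_download",
    "tags": ["exe", "Loader"],
    "urlhaus_reference": "https://urlhaus.abuse.ch/url/0/",
    "payloads": [{"response_sha256": "a" * 64, "file_type": "exe"}],
}
SAMPLE_MISS = {"query_status": "no_results"}

# Constructed log line standing in for a proxy event forwarded by a Wazuh agent.
SAMPLE_LOG = ('squid: 10.0.0.5 GET http://example.invalid/update.exe '
              '- referer http://example.invalid/index.html, 200 OK.')


def enrich_log_line(log_line: str, lookup=query_urlhaus) -> dict:
    """Map every URL in a log line to its enrichment; lookup is injectable for offline use."""
    return {url: enrich(lookup(url)) for url in extract_urls(log_line)}


if __name__ == "__main__":
    # Wazuh passes a custom integration the alert file path as the first argument; here the
    # alert's full_log is scanned and the enrichment printed (assumption: full_log holds the URL).
    with open(sys.argv[1]) as fh:
        alert = json.load(fh)
    print(json.dumps(enrich_log_line(alert.get("full_log", "")), indent=2))
```

Used as a Wazuh integration, the script would emit the enrichment back to the manager rather than print it; the offline path (an injected lookup returning SAMPLE_HIT or SAMPLE_MISS) is enough to check the parsing and the "no record" branch without touching the network.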
Blog / Engineering / Detecting Pandora Ransomware with Wazuh
Pandora ransomware gained notoriety in March 2022 when DENSO, a major automotive supplier, was compromised. Several malware researchers subsequently analyzed Pandora samples and agreed that it is a variant of Rook ransomware, which first appeared on VirusTotal in November 2021. The Pandora ransomware group has published several victims […]
Blog / Engineering / Detecting process injection attacks with Wazuh
Process injection is a defense evasion technique used by adversaries to execute malicious code within legitimate processes. When malware runs its code in the context of another process, it can access the process’ memory, use system/network resources, and assume elevated privileges. In most cases, users cannot differentiate an injected process from a legitimate one as […]
Blog / Engineering / Detecting Dirty Pipe vulnerability with Wazuh (CVE-2022-0847)
A vulnerability in the Linux kernel, dubbed “Dirty Pipe”, allows unprivileged users to overwrite data in read-only files. This can let an unprivileged user escalate to root on vulnerable endpoints, because exploiting the flaw allows unprivileged processes to inject code into root processes. The vulnerability was discovered and explained […]
Blog / Engineering / Detecting hoaxshell with Wazuh
Our new blog post shows how Wazuh can detect generic and obfuscated hoaxshell payloads and other attacks that abuse PowerShell.
Blog / Engineering / Enhancing macOS protection with Wazuh
Wazuh 4.3.0 introduced a new technique for collecting logs from macOS endpoints through the unified logging system (ULS), which is available in macOS 10.12 and later. Wazuh uses the log command-line tool to gather these logs in syslog format. This tool provides an interface for filtered log collection using the […]