Report an incident
Read in Polish Read in polish
  • About us
  • News
  • FAQ
  • Analyses
  • Publications
  • Contact
Tag #malware
  • 23 February 2023 Jarosław Jedynak , Michał Praszmo #ransomware #malware #analysis

    A tale of Phobos - how we almost cracked a ransomware using CUDA

    Article thumbnail

    For the past two years we've been tinkering with a proof-of-concept decryptor for the Phobos family ransomware. It works, but is impractical to use for reasons we'll explain here. Consequently, we've been unable to use it to help a real-world victim so far. We've decided to publish our findings and tools, in hope that someone will find it useful, interesting or will continue our research. We will describe the vulnerability, and how we improved our decryptor computational complexity and performance to reach an almost practical implementation.

    Read more
  • 27 October 2021 CERT Polska #malware #analysis #vidar #stealer

    Vidar stealer campaign targeting Baltic region and NATO entities

    Article thumbnail

    While working on our automatic configuration extractors, we came across a rather strange-looking Vidar sample. The decrypted strings included domain names of such organizations as the NATO Strategic Communications Centre of Excellence, Border Guard of Poland, Estonia and Latvia, and Ministry of the Interior of Lithuania. Automatically extracted strings from …

    Read more
  • 20 August 2021 Manorit Chawdhry #malware #drakvuf #tools

    Linux Injector for automated malware analysis

    Article thumbnail

    Guest post by our Google Summer of Code student, Manorit Chawdhry Project proposal: https://summerofcode.withgoogle.com/projects/#6209067233574912 Motivation Wait, what? Malware on Linux? Yup, you read it right. Linux malware isn't given much importance in our community, as Windows is the most targeted operating system for malicious attacks …

    Read more
  • 20 August 2021 Jan Gruber #malware #tools #drakvuf

    HID simulation for DRAKVUF

    Article thumbnail

    Guest post by our Google Summer of Code student, Jan Gruber Project proposal: https://summerofcode.withgoogle.com/projects/#6703931754807296 Overview My project for GSoC 2021 was to realize an undetectable simulation of human behaviour in the VMI-based sandbox DRAKVUF, which resulted in the contribution of a plugin named hidsim - short …

    Read more
  • 14 May 2021 Jarosław Jedynak #karton #malware #mwdb #tools

    Karton Gems 3: Malware extraction with malduck

    Article thumbnail

    Table of contents Getting Started Your first karton Malware extraction with malduck Introduction Today we'll continue topics started in the first part of the tutorial. We'll learn about malduck, what can it do and how to write your own modules. Later we'll also show how to integrate it with Karton …

    Read more
  • 29 April 2021 Jarosław Jedynak #karton #malware #mwdb #tools

    Karton Gems 2: Your first karton

    Article thumbnail

    Table of contents Getting Started Your first karton Malware extraction with malduck Introduction In the last part, we've explained how to set up a simple Karton pipeline and start your tasks. If you haven't already, it's probably a good idea to read it now. Or you can clone the karton-playground …

    Read more
  • 21 April 2021 Jarosław Jedynak #karton #malware #mwdb #tools

    Karton Gems 1: Getting Started

    Article thumbnail

    Table of contents Getting Started Your first karton Malware extraction with malduck What is Karton? Karton is a framework for microservice orchestration, designed by security researchers for security researchers (but flexible enough to be used everywhere). It shines in scenarios where there is a clear separation of "input" and "output …

    Read more
  • 13 April 2021 Michał Praszmo #guloader #malware #cloudeye #analysis

    Keeping an eye on CloudEyE (GuLoader) - Reverse engineering the loader

    Article thumbnail

    CloudEye (originally GuLoader) is a small malware downloader written in Visual Basic that's used in delivering all sorts of malicious payloads to victim machines. Its primary function is to download, decrypt and run an executable binary off a server (commonly a legitimate one like Google Drive or Microsoft OneDrive). At …

    Read more
  • 30 December 2020 Jarosław Jedynak #tools #malware #karton #mwdb

    Set up your own malware analysis pipeline with Karton

    Article thumbnail

    We proudly announce that today we open-source a large part of our analysis framework and pipeline! If you want to try it – check out Karton project on GitHub. What is karton? Karton is a robust framework for lightweight and flexible analysis backends. It can be used to connect malware analysis …

    Read more
  • 21 October 2020 Paweł Srokosz #malware #tools

    Set up your own malware repository with MWDB Core

    Article thumbnail

    We proudly announce that the open-source version of MWDB Core has been released! If you want to try it – check out mwdb-core project on GitHub. What is MWDB Core? MWDB Core is a malware repository for automated malware collection and analysis systems, developed by CERT Polska. You can set it …

    Read more
1 2 ... 8 »

The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.

Social media

Facebook Twitter GitHub

Contact

ul. Kolska 12, PL-01-045 Warsaw, Poland
tel.: +48 22 380 82 74
fax: +48 22 380 83 99
ePUAP: /NASK-Instytut/SkrytkaESP

E-mail: [email protected]
Incidents: [email protected]

Co-financed by the Connecting Europe Facility of The European Union
  • © 2023 NASK
  • Privacy policy
  • CSIRT GOV
  • CSIRT MON