Guide: Cuckoo Sandbox on FreeBSD
This is a guide through configuring a basic Cuckoo Sandbox installation on a FreeBSD host. The main points of difference between a Linux and a FreeBSD install lie in the configuration of the firewall for the host to NAT connections between the Virtualbox host-only network and the Internet. I don't often write guides, however decided… leer más
Automated Malware Analysis: mail server -> Cuckoo, V2.0
Quite some time ago I slapped together a couple of scripts to submitquarantined attachments from my mail server to Cuckoo (Article here [https://tribalchicken.com.au/informational/automated-malware-analysis-mail-server-cuckoo/] ). I have finally found time to re-write this to use a Postfix content filter: extracting any attachments from an email processed by Postfix, then submitting to Cuckoo… leer más
CryptoWall 3.0 + Fareit / Pony Combo
In this article I’m taking a look at the recent malware double-whammy of CryptoWall 3.0 and Fareit (or Pony, depending on classification). This is a rather potent combination which will encrypt all your data on your PC, as well as steal information such as passwords and BitCoin wallets. Note: At this point I… leer más
Crypt0L0cker - TorrentLocker Rebranded
Recently here in Australia there has been some discussion about a Ransomware campaign using Australian Federal Police themed spam emails (The AFP published a press release [http://www.afp.gov.au/media-centre/news/afp/2015/april/media-release-afp-warns-public-of-email-traffic-infringement-scam] on the matter in April). The malware shares many characteristics with TorrentLocker and looks to be nearly identical.… leer más
Hunting malware through memory analysis
A word of warning… Lots of screenshots in this post. Update 10/05/2015: I’ve updated the article with more information about some of the commands used in order to help out people who aren’t familiar with Volatility. When hunting a piece of malware it can be very interesting to have a poke… leer más