Key Points: Avast discovered a new campaign targeting specific individuals through fabricated job offers. Avast uncovered a full attack chain from infection vector to deploying the “FudModule 2.0” rootkit with a 0-day Admin -> Kernel exploit. Avast found a previously undocumented Kaolin RAT, which, aside from standard RAT functionality, could change the last write timestamp of a...
Latest articles from Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability, CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies.
Latest articles from Avast Engineering
Following our guide about regular expressions, we present a new unique tool that can help you with the creation of such expressions, mainly those used in the YARA Cuckoo module. To fully understand the benefits of our new open-source project, we first expand our knowledge of regular expressions in the Cuckoo module, share resources that can come in handy, and explain how to...
For the fifth post of the Know Your YARA Rules series, we want to create a comprehensive manual for regular expressions that would improve your YARA rules. Why is it so complicated? When discussing regular expressions, we must first address the elephant in the room. Regular expressions can get complicated rather quickly, mainly because they often look like winners in obfuscation games rather...
In the third post of the Know Your YARA Rules series, we mentioned that something is cooking in the YARA world. In this post, we will investigate what the future holds for the YARA tool and its users. We are introducing the next generation of the YARA tool – YARA-X. Motivation: YARA has recently celebrated its 15th anniversary (calculated from the first commit in the...