NasaPaul Botnet: A Need for Speed

Updated: 2021-02-28 - Updated the detection section to explain why the samples might not be flagged by AV. Updated: 2021-03-03 - Divided the article by Lockheed Martin (LM) Kill Chain phases instead of MITRE ATT&CK framework tactics. Case Summary I collect live malware samples from honeypots running on public cloud servers. This case examines a repeated security event following a successful brute-force attack against SSH, after which the malware payloads ninfo and are dropped from nasapaul[.]com. The samples examined in this post were captured on February 23rd, 2021....

February 27, 2021 · 16 min
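The event the post describes, a password brute force against SSH that eventually succeeds, leaves a recognizable trace in sshd's auth log: a burst of "Failed password" lines from one source address followed by an "Accepted password" line from the same address. The detector below is an added example written for this listing, not code from the post or its author; the log lines are constructed, the hostname, PIDs and IP addresses are placeholders, and the five-failure / five-minute thresholds are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd auth.log lines (not captured from the honeypot in the post).
# 198.51.100.7 fails five times and then logs in; the other sources are noise.
SAMPLE_AUTH_LOG = """\
Feb 23 03:14:01 honeypot sshd[1201]: Failed password for root from 198.51.100.7 port 51022 ssh2
Feb 23 03:14:03 honeypot sshd[1203]: Failed password for root from 198.51.100.7 port 51030 ssh2
Feb 23 03:14:05 honeypot sshd[1205]: Failed password for invalid user admin from 198.51.100.7 port 51038 ssh2
Feb 23 03:14:07 honeypot sshd[1207]: Failed password for root from 198.51.100.7 port 51044 ssh2
Feb 23 03:14:09 honeypot sshd[1209]: Failed password for root from 198.51.100.7 port 51050 ssh2
Feb 23 03:14:11 honeypot sshd[1211]: Accepted password for root from 198.51.100.7 port 51058 ssh2
Feb 23 03:20:45 honeypot sshd[1300]: Failed password for root from 203.0.113.9 port 40001 ssh2
Feb 23 03:21:00 honeypot sshd[1302]: Accepted publickey for deploy from 192.0.2.10 port 33000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (the "invalid user" form
# is what sshd logs when the account does not exist).
SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_line(line):
    """Return a dict for an sshd auth result line, or None for anything else."""
    m = SSHD_AUTH_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Syslog timestamps carry no year; strptime defaults to 1900, which is
    # fine because only the deltas between events are used below.
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def detect_bruteforce_success(log_text, threshold=5, window_seconds=300):
    """Flag logins preceded by >= threshold failures from the same IP.

    Returns a list of dicts (ip, user, method, failures, accepted_at), one per
    successful login that looks like the tail of a brute-force run.
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of recent failures
    hits = []
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec is None:
            continue
        q = recent_failures[rec["ip"]]
        # Drop failures older than the window relative to this event.
        while q and (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if rec["result"] == "Failed":
            q.append(rec["ts"])
        elif len(q) >= threshold:
            hits.append({
                "ip": rec["ip"],
                "user": rec["user"],
                "method": rec["method"],
                "failures": len(q),
                "accepted_at": rec["ts"].strftime("%b %d %H:%M:%S"),
            })
            q.clear()  # one alert per brute-force run
    return hits


if __name__ == "__main__":
    for hit in detect_bruteforce_success(SAMPLE_AUTH_LOG):
        print("brute-force login: {ip} -> {user} via {method} after "
              "{failures} failures at {accepted_at}".format(**hit))
```

Run on the constructed sample this reports a single hit for 198.51.100.7 (five failures, then a successful password login as root); the lone failure from 203.0.113.9 and the key-based login from 192.0.2.10 stay quiet. A publickey success after a failure burst would also be flagged, which is worth keeping, since the post's point is what happens after the login, not how the password was obtained.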
Malware Labs and Machines

This post is geared towards beginners and documents the general steps I took to build a home malware lab. Malware Lab Plans The malware lab must meet the following requirements: The malware environment must not connect to production or shared networks. A dedicated physical workstation hosts the malware lab (e.g. an old laptop). The host can be quickly restored in the event of a malware escape. The lab includes both static and dynamic analysis features. WARNING: Conduct all security research on an isolated network separate from shared/personal devices....

January 28, 2021 · 4 min