

  1. Reversing Tinba: World's smallest trojan-banker DGA Code


    CSIS Security Group A/S has uncovered a new trojan-banker family, which we have named Tinba (Tiny Banker), also known as “Zusy”.

    Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data and sniffs network traffic. Like other sophisticated banker trojans, it also uses Man-in-the-Browser (MiTB) techniques and webinjects to change the look and feel of certain web pages, with the aim of circumventing ...
  2. Is the NetTraveler APT managed by a PLA military camp in Lanzhou, China?

    Here we provide a detailed analysis of the NetTraveler APT team, based on the data we collected over the past year.

    In 2014 the actors behind the global cyber-espionage campaign “Operation NetTraveler” celebrate ten years of activity. NetTraveler has targeted more than 350 high-profile victims in 40 countries, so it is high time we made our research public. This is not individual research; it was part of the efforts of various Garage4hackers ...

    Updated 08-30-2014 at 12:35 PM by garage4hackers

  3. Tutorial: Reverse Engineering GameoverZeus DGA code

    DGA: Is it Game Over for the GameoverZeus DGA?

    GameoverZeus was taken down and has since resurfaced. Gameover Zeus is a natural candidate for our DGA series, so let us analyse it and try to reverse its DGA, just as we did for PushDo in the last article.

    We received many requests for a tutorial on reverse engineering DGA code. So in this series we will ...
  4. Reverse Engineering: PushDo malware domain generation algorithm released.

    DGA: The PushDo domain generation algorithm unleashed

    About PushDo:

    Four times since 2008, authorities and technology companies have taken the prolific PushDo malware and the Cutwail spam botnet offline. Yet, much like the Energizer Bunny, it keeps coming back for more.

    In early March, researchers at Damballa discovered a new version of the malware that had adopted a domain generation algorithm (DGA) in order to not only help ...

    Updated 08-26-2014 at 01:41 AM by garage4hackers
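    The GameoverZeus and PushDo entries above both concern reversing a domain generation algorithm. The following is an added example, not code from the original posts and not the real PushDo or GameoverZeus algorithm: a constructed, hypothetical date-seeded DGA in Python, together with the check a defender runs once an algorithm has been reversed, namely generating the expected domains for a window of dates and matching observed DNS queries against them so the hits can be sinkholed or blocked. The secret key, the TLD list, the domain-length rule and the choice of SHA-256 are all assumptions made for illustration.

```python
import hashlib
import re
from datetime import date, timedelta

# Assumed parameters of the hypothetical DGA (not any real family's values).
KEY = b"constructed-example-key"
TLDS = ("com", "net", "org")
DOMAINS_PER_DAY = 10
DOMAIN_RE = re.compile(r"^[a-z]{8,12}\.(com|net|org)$")


def generate_domains(seed_date, count=DOMAINS_PER_DAY, key=KEY):
    """Return the `count` domains this hypothetical DGA produces for one date.

    Each domain is derived from SHA-256(key || YYYYMMDD || index): the first
    digest byte picks a length of 8..12, the following bytes pick letters,
    and the last byte picks the TLD. Same date and key => same domains.
    """
    day = seed_date.strftime("%Y%m%d").encode()
    domains = []
    for index in range(count):
        digest = hashlib.sha256(key + day + bytes([index])).digest()
        length = 8 + digest[0] % 5
        name = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        tld = TLDS[digest[31] % len(TLDS)]
        domains.append(f"{name}.{tld}")
    return domains


def expected_domains(center, days_before=1, days_after=1, key=KEY):
    """Domains for a window around `center`, keyed by the date that produced them.

    Defenders generate a window rather than a single day because infected
    hosts may have a skewed clock or query yesterday's set before rolling over.
    """
    table = {}
    for offset in range(-days_before, days_after + 1):
        d = center + timedelta(days=offset)
        for domain in generate_domains(d, key=key):
            table[domain] = d
    return table


def match_observed(queries, center, key=KEY):
    """Return {domain: generating_date} for observed queries the DGA explains.

    `queries` is any iterable of domain names (for example, names pulled out
    of DNS logs). Names the algorithm could not have produced are dropped.
    """
    table = expected_domains(center, key=key)
    return {q: table[q] for q in queries if q in table}


if __name__ == "__main__":
    today = date(2014, 8, 26)
    # Constructed sample of "observed" queries: a few DGA hits plus noise.
    observed = generate_domains(today)[:3] + ["example.com", "garage4hackers.com"]
    hits = match_observed(observed, today)
    for domain, produced_on in sorted(hits.items()):
        print(f"{domain}\tDGA domain for {produced_on.isoformat()}")
```

    Once the real algorithm of a family has been reversed, `generate_domains` is the function that gets replaced with the recovered logic; everything else, the date window and the log matching, stays the same.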