APT Malware (advanced persistent threat)
- Published 5 Oct 2024
- jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ jh.live/snyk
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricet...
Learn Coding: jh.live/codecr...
WATCH MORE:
Dark Web & Cybercrime Investigations: • Tracking Cybercrime on...
Malware & Hacker Tradecraft: • Malware Analysis & Thr...
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥YouTube ALGORITHM ➡ Like, Comment, & Subscribe!
the commitment to pronouncing it "collenction" as written is appreciated
That iColumn looks like it’s used to prevent it from running multiple times after it’s opened…
Excuse me. Where are the links that should have been in the description?
Loved the video, Sir. The walkthrough with your thought process is extremely beneficial. Thank you.
Who else thought it was about the ubuntu package manager?
*debian package manager and i thought that too
😂 bro
*debian(?)
It's Debian's package manager, on which Ubuntu is based.
@sofiaknyazeva ye
I like how he brings the perfect amount of Entertainment and Education to the Table, You're my second favorite ICT Tutor! :D (First is NetworkChuck and Third is David Bombal)
Sick analysis bro!
"let me fulfill a contractual obligation" does Mr. Hammond watch Schlatt?
John, you could use WinUtil to remove Defender completely
Excel-lent job, my friend 😅😁
Seriously though, loved this video. Two thumbs up
👍👍
Interesting that you get the actual copy dialog when you copy in vbscript
Very interesting, thanks for showing!
Looks like malware from 1998.
A pakistani advanced persistent threat??
GRAPE
this is what we love john!!!
Delhi is the capital of India, John 🇮🇳
Why did the creator include these Replace("_", "") or whatever in the code? I doubt it somehow bypasses virus protection and it really doesn't obfuscate the code that much
To prevent static analysis.
If someone or something searches for common strings like "autorun", having it split up into "auto_" and "whatever_run" makes it harder to find.
It won't completely bypass AVs, but it does a pretty good job of not making it easy either, I'd say.
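One defender-side way to undo the split-string trick this thread describes, added here as an example (it is not code from the video, and the VBA fragment is constructed): fold constant string concatenations and constant-argument Replace() calls back together before keyword scanning, so splits like "auto_" & "run" no longer hide the keyword.

```python
import re

# Constructed VBA fragment (not the video's sample): keywords are split across
# literals and re-joined at runtime with Replace(..., "_", "") and "&".
SAMPLE_VBA = '''
Sub Auto_Open()
    Dim s As String
    s = Replace("auto_run", "_", "")
    Set w = CreateObject("WScr" & "ipt.Sh" & "ell")
    t = Replace("Win_dows_Sc_ript_Host", "_", "")
End Sub
'''

# Keywords an analyst might grep for; the raw source never contains them whole.
SUSPICIOUS = ("autorun", "wscript.shell", "windowsscripthost")

LITERAL = r'"([^"]*)"'
CONCAT_RUN = re.compile(r'"[^"]*"(?:\s*&\s*"[^"]*")+')
CONST_REPLACE = re.compile(
    r'Replace\(\s*' + LITERAL + r'\s*,\s*' + LITERAL + r'\s*,\s*' + LITERAL + r'\s*\)',
    re.IGNORECASE)


def fold_concat(src: str) -> str:
    """Join runs of adjacent literals: "a" & "b" & "c" -> "abc"."""
    return CONCAT_RUN.sub(
        lambda m: '"' + "".join(re.findall(LITERAL, m.group(0))) + '"', src)


def fold_replace(src: str) -> str:
    """Evaluate Replace() calls whose three arguments are all constant strings."""
    def ev(m):
        text, find, repl = m.group(1), m.group(2), m.group(3)
        # VBA returns the input unchanged when the search string is empty
        return '"' + (text if find == "" else text.replace(find, repl)) + '"'
    return CONST_REPLACE.sub(ev, src)


def normalize(src: str) -> str:
    """Apply both folds until nothing changes (handles nested cases)."""
    prev = None
    while prev != src:
        prev, src = src, fold_replace(fold_concat(src))
    return src


def find_suspicious(src: str, normalize_first: bool = True) -> list:
    """Return the keywords present in the (optionally normalized) source."""
    text = (normalize(src) if normalize_first else src).lower()
    return sorted(k for k in SUSPICIOUS if k in text)
```

The scan of the raw text finds nothing, while the same scan over the normalized text surfaces all three keywords; escaped quotes ("") inside VBA literals are not handled by these regexes.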
Thanks 🎉
Do APT malware not bother to break through VM’s?
It is very difficult to escape a properly set up virtual machine.
It does; that's implemented via anti-sandboxing techniques, where the malware acts smart and is able to detect whether the operating system is running in a VM or not. Some really evasive malware is coded to specifically sleep for an amount of time until it finds some way to sneak into the user's environment, by just infecting external storage devices etc...
Can be used as smart saver?
apt-get install malware
Instructions unclear, my PC is ssh into Iran somewhere
Instructions unclear, it removed my desktop environment.
22:20 - "that doesn't seem like a real worthwhile IP address..." - Obviously didn't geolocate it.
Pakistan????
People in government who use PCs are not as smart at using computers, so even if this malware's functionality is somewhat old, people would still become its victims. But I wonder what kind of data has been leaked by this. I know Aadhaar, including the biometrics of every Indian, is available somewhere on the internet. With such weak security, if it somehow reaches India's missile control center, it would be dangerous; it could cause World War 3.
Thought it was APT the package manager. Lol
this is great thanks johnny🥰
1:48 Diagnosis: Brain damage, you literally just had to click activate to see the macros.
Where can I find the malware file?
Don't upload in virus total
malware sample hash?
Why are excel macros allowed to access all these things? no wonder excel macros are a security nightmare
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
Loved this!
nice!
Very nice 😅
love this content
Brilliant.
Congrats to Huntress on $1.5B valuation. o_O
INTERESTING!
You good?
Nice!
20:31 isEsaean caught my eye. I saw another case where Russian hackers put in their ransomware an indicator of whether the system uses a Russian keyboard or not..
isEsaean is maybe isAsian, to protect computers from friendly fire also
its a zombie factory file
But I don't see anything advanced in all this!!!!
hi
One minute ago is crazy
If apple was a construction company: iColunn
I wonder what that "summer collenction" might be, let's just open it ¯\_(ツ)_/¯
only 8 nearly identical images, what a waste of time
now to log into my bank
Delhi india
How is this an APT malware if you need to disable defender to run it? LOL
Because since its discovery, it has been added to Defender's checklist.
""advanced"" persistent threat but they can't even spell collection..
I was surprised that Pakistan has an APT, and spelling in English doesn't make someone a good hacker; like, look at the Russians or North Koreans.
Sneak? Man I thought they are Synk.
Edit: Shit I just realised that I've been pronouncing it wrong for almost 3 years 💀
LOL 😭
Lol, an unobfuscated and outdated CrimsonRAT; they weren't going to get any infections like that 😂
Close to first
woo 500 views?
Comment for the algorithm 🎉
not not first
first
not first
yea APT def not using macros these days bro
This sample is two weeks old. yea they def are bro
@_JohnHammond ok? The sample is 2 weeks old; this has been old news for over a year, no one uses this
yea nobody uses phishing attacks anymore these days bro it's totally obsolete
@skycaptain95 yep, that's what I said LOL
@_JohnHammond if I was able to understand its workings, I would say it's at least not advanced
BirvTrving 2024
damn