• 15 March 2019 przemyslawf #annual report

    Incidents and incident reports in 2018

    Publication of our annual report is coming soon. Editing is moving forward at full speed, but in the meantime we’d like to share some statistics concerning 2018. These statistics provide a big picture of the IT security landscape in Poland, as well as conclusions about major trends in this …

    Read more
  • 21 February 2019 piotrb #malware #tools

    Strengthening our malware analysis capabilities

    Over the last year we collaborated with Hatching.io on improving the open source Cuckoo Sandbox. The main work focused on porting advanced mechanisms for memory analysis developed internally by our team in previous years. The public release of the onemon marks the last stage of …

    Read more
  • Detricking TrickBot Loader

    TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately, researchers noticed similarities with a credential stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. But in this article we will not focus …

    Read more
  • Recommendations on mitigation of man-in-the-middle phishing attacks (evilginx2/Modlishka)

    CERT Polska has observed an interesting phishing technique used in an attack against users of a popular Polish content aggregator. We have also noticed the emergence of a new tool called “Modlishka” whose purpose is to simplify and automate phishing attacks. In this article, we describe the way these highly automated attacks …

    Read more
  • 16 January 2019 CERT Polska #malware #mwdb #tools

    MWDB – our way to share information about malicious software

    Analysis of current threats is one of the most common challenges facing almost any organization dealing with cybersecurity. From year to year it also becomes a harder nut to crack, undoubtedly influenced by the growing scale of criminal activity and its degree of sophistication. In the …

    Read more
  • Dissecting Smoke Loader

    Smoke Loader (also known as Dofoil) is a relatively small, modular bot that is mainly used to drop various malware families. Even though it’s designed to drop other malware, it has some pretty hefty malware-like capabilities on its own. Despite being quite old, it’s still going strong, recently …

    Read more
  • 09 July 2018 Michał Leszczyński #ctf

    Technical aspects of CTF contest organization

    CTF competitions are often great fun, but they also play a very important role in the training of IT security specialists. Such contests are challenging for both contestants and organizers. This article describes organizational aspects of such competitions, taking the European Cyber Security Challenge …

    Read more
  • 21 June 2018 pp #tools #n6

    n6 released as open source

    We are happy to announce that another system developed by our team, n6 (Network Security Incident eXchange), has been released to the community on an open source licence. n6 is our in-house developed platform for automated gathering, processing and distribution of information on security threats. It acts as a data …

    Read more
  • Backswap malware analysis

    Backswap is a banker which we first observed around March 2018. It’s a variant of the old, well-known TinBa malware (which stands for “tiny banker”). As the name suggests, its main characteristic is its small size (very often in the 10–50 kB range). In the summary, we present reasoning for assuming …

    Read more
  • Ostap malware analysis (Backswap dropper)

    Malicious scripts distributed via spam e-mails have been getting more complex for some time. Usually, if you got an e-mail with a .js attachment, you could safely assume it was just a simple dropper limited to downloading and executing malware. Unfortunately, there is a growing number of campaigns these …

    Read more