APT Malware (advanced persistent threat)
- Published on 13 Jun 2024
- jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ jh.live/snyk
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
Learn Coding: jh.live/codecrafters
the commitment to pronouncing it "collenction" as written is appreciated
That iColumn looks like it’s used to prevent it from running multiple times after it’s opened…
Who else thought it was about the Ubuntu package manager?
*Debian package manager, and I thought that too
😂 bro
*Debian(?)
It's Debian's package manager, which Ubuntu is based on.
@sofiaknyazeva ye
Loved the video Sir. The walk through with your thought process is extremely beneficial. Thank you.
Very interesting, thanks for showing!
"let me fulfill a contractual obligation" does Mr. Hammond watch Schlatt?
Sick analysis bro!
Thanks 🎉
Excuse me. Where are the links that should have been in the description?
John, you could use WinUtil to remove Defender completely
This is what we love, John!!!
Excel-lent job, my friend 😅😁
Seriously though, loved this video.Two thumbs up
👍👍
Can be used as smart saver?
This is great, thanks Johnny 🥰
Looks like malware from 1998.
Brilliant.
Where can I find the malware file?
INTERESTING!
1:48 Diagnosis: Brain damage, you literally just had to click activate to see the macros.
It would be nice if Microsoft put a unique code on each compilation, and also a unique code for each Visual Studio user, which would point directly to the producer's MS account.
Nice!
malware sample hash?
I like how he brings the perfect amount of Entertainment and Education to the Table, You're my second favorite ICT Tutor! :D (First is NetworkChuck and Third is David Bombal)
A pakistani advanced persistent threat??
GRAPE
Pakistan????
People in government who use PCs are not that smart at using computers, so even if this malware's functionality is somewhat old, people would still become its victims. But I wonder what kind of data has been leaked by this. I know Aadhaar, including the biometrics of every Indian, is available somewhere on the internet. With such weak security, if it somehow reached India's missile control center, it would be dangerous; it could cause World War 3.
nice!
Very nice 😅
Do APT malware not bother to break through VMs?
It is very difficult to escape a properly set up virtual machine.
It does; that's implemented via anti-sandboxing techniques, where the malware acts smart and is able to detect whether the operating system is running in a VM or not. Some really evasive malware is coded to specifically sleep for an amount of time until it finds some way to sneak into the user's environment, by just infecting external storage devices etc...
Why did the creator include these Replace("_", "") or whatever in the code? I doubt it somehow bypasses virus protection and it really doesn't obfuscate the code that much
To prevent static analysis.
If someone or something searches for common strings like "autorun", having it split up into "auto_" and "whatever_run" makes it harder to find.
It won't completely bypass AVs, but it does a pretty good job of not making it easy either, I'd say.
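To make the point above concrete for analysts, here is an added Python helper (not from the video or the commenters) that folds constant `Replace()` calls and `&` concatenation in VBA source back into plain string literals, so a keyword check sees "autorun" again even when the macro stored it as "auto_run". The VBA snippet inside is constructed for the example.

```python
import re

# Constructed VBA sample: literals are split with underscores and & so a naive
# grep for "autorun" or "WScript.Shell" on the raw source finds nothing.
SAMPLE_VBA = '''
Dim p As String
p = Replace("auto_run", "_", "")
Set o = CreateObject("WScr" & "ipt.Sh" & "ell")
o.Run Replace("pow_ersh_ell", "_", "") & ".exe"
'''

# Keywords an analyst would grep for; matched against the recovered strings.
SUSPICIOUS = ("autorun", "wscript.shell", "powershell", "shell")

_REPLACE = re.compile(r'Replace\(\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)', re.I)
_CONCAT = re.compile(r'"([^"]*)"(?:\s*&\s*"([^"]*)")+')
_LITERAL = re.compile(r'"([^"]*)"')


def fold_replace(line: str) -> str:
    """Evaluate constant Replace(src, old, new) calls into the literal they produce."""
    def _sub(m):
        src, old, new = m.group(1), m.group(2), m.group(3)
        return '"%s"' % src.replace(old, new)
    prev = None
    while prev != line:            # repeat so nested Replace() calls fold too
        prev, line = line, _REPLACE.sub(_sub, line)
    return line


def fold_concat(line: str) -> str:
    """Join a run of adjacent literals glued with & into one literal."""
    return _CONCAT.sub(lambda m: '"%s"' % "".join(_LITERAL.findall(m.group(0))), line)


def recover_strings(vba: str) -> list:
    """Return every string literal after folding Replace() and & concatenation."""
    out = []
    for raw in vba.splitlines():
        line = fold_concat(fold_replace(raw))
        out.extend(s for s in _LITERAL.findall(line) if s)
    return out


def flag(vba: str) -> dict:
    """Map each suspicious keyword to the recovered strings that contain it."""
    hits = {}
    for s in recover_strings(vba):
        for kw in SUSPICIOUS:
            if kw in s.lower():
                hits.setdefault(kw, []).append(s)
    return hits
```

Running `flag(SAMPLE_VBA)` shows the three recovered strings matched against the keyword list, which is what the split-string trick was meant to hide.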
apt-get install malware
Instructions unclear, my PC is ssh into Iran somewhere
Instructions unclear, it removed my desktop environment.
21:41 save from net into a file and execute it
One minute ago is crazy
hi
Loved this!
Congrats to Huntress on $1.5B valuation. o_O
Delhi india
Delhi is the capital of India, John 🇮🇳
Active antivirus detection mode must be updated using new rocket systems against virus producers in the real world
Comment for the algorithm 🎉
Law 1 of computers: if you install software without paying for it with a credit card and it is a virus, it is totally your fault.
Law 1 of computers is PEBKAC.
Close to first
20:31 isEsaean caught my eye. I saw another case where Russian hackers put in their ransomware an indicator of whether the system uses a Russian keyboard or not..
isEsaean is maybe isAsian, to protect computers from friendly fire also
Is it the green screen or did you actually dye your hair green? Lovely content as always, John.
I wonder what that "summer collenction" might be, let's just open it ¯\_(ツ)_/¯
Thought it was APT the package manager. Lol
It's a zombie factory file
If apple was a construction company: iColunn
not not first
You good?
Lol, an unobfuscated and outdated CrimsonRAT; they weren't going to get any infections like that 😂
not first
olevba: malware detected and file blocked and deleted
Sneak? Man I thought they are Synk.
Edit: Shit I just realised that I've been pronouncing it wrong for almost 3 years 💀
LOL 😭
How is this an APT malware if you need to disable defender to run it? LOL
Because since its discovery, it has been added to Defender's checklist.
woo 500 views?
But I don't see anything advanced in all this!!!!
first
Why are Excel macros allowed to access all these things? No wonder Excel macros are a security nightmare.
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
""advanced"" persistent threat but they can't even spell collection..
I was surprised that Pakistan has an APT, and spelling in English doesn't make someone a good hacker; like, look at the Russians or North Koreans.
damn
BirvTrving 2024
yea APT def not using macros these days bro
This sample is two weeks old. yea they def are bro
@_JohnHammond ok? Sample is 2 weeks old; this has been old news for over a year, no one uses this
yea nobody uses phishing attacks anymore these days bro it's totally obsolete
@skycaptain95 yep, that's what I said LOL
@_JohnHammond if I was able to understand its workings, I would say it's not at least advanced