CNC analysis of Citadel Trojan Bot-Agent - Part 2: Understanding its stealer functionalities by decoding the configs

Following the previous Citadel Analysis we wrote-->>[HERE], we received so many requests & questions like: What encryption was used?What is actually written in the config?What has been downloaded? and sent?And most of all, where's the CnC? Friends, thank you very much for asking the above questions, and for your patience in waiting the answer. Once dealing with the Trojan banker the sensitivity of information is higher than other PWS, specially to the real "live" case like this disclosure....

Read More

WARNING: Fraudulent "international patent" invoices

WIPO have previously warned of fake companies issuing fraudulent invoices for "Registration of International Patent" and such like over the years, but sadly, these are not surprisingly, still being received by potential victims, some of who will already know they are fraudulent and just ignore and/or report them, and others that sadly, don't and will simply pay whatever the invoice asks, which...

Read More

(Peeling + Exposal) Kelihos via Redkit, mass-infection threat following unfortnate US disaster news..

We all know about what had happened in US recently, it is a very sad & unfortunate situation. People died during the accident and the malware scums used this for their opportunity, we just can't tolerate it. Dropping the previous tasks, we started to investigate this infection right away. By the good help from all members, within 14hours the first draft was posted successfully. The point of this...

Read More