Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

VB2019 paper: Cyber espionage in the Middle East: Unravelling OSX.WindTail

Patrick Wardle (Jamf)

It’s no secret that many nation states possess offensive macOS cyber capabilities, though such capabilities are rarely publicly uncovered. However, when such tools are detected, they provide unparalleled insight into the operations and techniques…

VB2019 paper: 2,000 reactions to a malware attack – accidental study

Adam Haertlé (BadCyber.com)

This paper presents an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. Many of the victims were unaware…

VB2019 paper: Why companies need to focus on a problem they don't know they have

Richard Matti (NetClean Technologies)
Anna Creutz (NetClean Technologies)

There is a type of crime, breach of company policy, misuse of company assets and security threat that is often overlooked: as one in 500 employees uses their work computer to handle child sexual abuse material. This crime and misuse of company assets…

VB2019 paper: Defeating APT10 compiler-level obfuscations

Takahiro Haruyama (Carbon Black)

Compiler-level obfuscations, like opaque predicates and control flow flattening, are starting to be observed in the wild and are likely to become a challenge for malware analysts and researchers. This paper explains how to de-obfuscate the code of an…
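The two obfuscations named in the abstract are easiest to recognise in a toy form. The block below is an added illustration, not code from the paper: it flattens a three-block function into a dispatcher keyed on a state variable, guards every real transition with an always-true opaque predicate, and then shows the first step an analyst takes to undo it, establishing that the predicate is constant and walking only the live edges to recover the original block order. All block contents, state values and the predicate are constructed for this example.

```python
"""Added illustration (not code from the VB2019 paper): a toy
control-flow-flattened function guarded by an opaque predicate, plus a
recovery pass that detects the constant predicate and rebuilds the
original block order. Block contents and state values are constructed."""
import random
from typing import Callable, Optional


def opaque_true(n: int) -> bool:
    """Opaque predicate: n*(n+1) is always even, so this is always True,
    but in a disassembly it looks like a data-dependent branch."""
    return (n * (n + 1)) % 2 == 0


# Flattened form of:  x = a + 1; x = x * 2; return x - 3
# Each basic block becomes a dispatcher case: state -> (label, op, next_state)
BLOCKS = {
    0x1A: ("x = a + 1",    lambda x, a: a + 1, 0x3C),
    0x3C: ("x = x * 2",    lambda x, a: x * 2, 0x07),
    0x07: ("return x - 3", lambda x, a: x - 3, None),
}
ENTRY = 0x1A
JUNK = 0xDEAD  # bogus successor on the edge that is never taken


def run_flattened(a: int) -> int:
    """Execute the flattened function the way the obfuscated binary would."""
    state, x = ENTRY, 0
    while state is not None:
        _label, op, nxt = BLOCKS[state]
        x = op(x, a)
        # The obfuscator guards the real transition with the opaque predicate;
        # the JUNK edge exists only to mislead static analysis (never reached).
        state = nxt if opaque_true(state) else JUNK
    return x


def constant_value(pred: Callable[[int], bool], trials: int = 1000,
                   seed: int = 0) -> Optional[bool]:
    """Heuristic opaque-predicate check: evaluate over many random inputs.
    Returns the constant (True/False) if the result never changes, else None.
    This is evidence, not proof; a real pass would confirm with a solver."""
    rng = random.Random(seed)
    seen = {pred(rng.randrange(-2**31, 2**31)) for _ in range(trials)}
    return seen.pop() if len(seen) == 1 else None


def linearize(blocks: dict, entry: int, pred: Callable[[int], bool]) -> list:
    """Recover the original block order by following only the live edges,
    once the dispatcher's predicate has been shown to be always-true."""
    if constant_value(pred) is not True:
        raise ValueError("predicate not shown constant; keep both edges")
    order, state, seen = [], entry, set()
    while state is not None:
        if state in seen:
            raise ValueError(f"cycle at state {state:#x}")
        seen.add(state)
        label, _op, nxt = blocks[state]
        order.append(label)
        state = nxt
    return order


if __name__ == "__main__":
    print(run_flattened(5))                        # obfuscated result
    print(linearize(BLOCKS, ENTRY, opaque_true))   # recovered block order
```

The random-sampling check is deliberately weak: it only says the predicate looked constant on the inputs tried, which is why a production pass would hand the expression to an SMT solver before deleting the dead edge.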

VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

Ghareeb Saad (Anomali)
Michael A. Raggi (Proofpoint)

Anomali Labs has conducted an in-depth study of the unique object dimensions present in weaponized RTF exploits used in phishing attacks. Through this research we have found that the developers of malicious RTF weaponizers leave behind a unique…
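The idea in the abstract, that a weaponizer template leaves the same object dimensions in every document it produces, can be checked with a few lines of parsing. The block below is an added illustration and not the Anomali or Proofpoint tooling: it pulls the \objw and \objh control words (object width and height, in twips) from each {\object ...} group of an RTF file and hashes the ordered list into a fingerprint that survives a change of payload. The three RTF samples are constructed for the example and contain no real exploit.

```python
"""Added illustration (not the Anomali/Proofpoint tooling): extract the
\\objw / \\objh (object width/height, in twips) values from each embedded
object in an RTF file and turn them into a comparable fingerprint. The
RTF samples below are constructed for this example, not real malware."""
import hashlib
import re
from typing import List, Optional, Tuple

OBJECT_START = re.compile(rb"\{\\object\b")
OBJ_DIM = re.compile(rb"\\obj([wh])(-?\d+)")


def object_dimensions(rtf: bytes) -> List[Tuple[Optional[int], Optional[int]]]:
    """Return one (width, height) pair per {\\object ...} group, in file order.
    A missing dimension is reported as None rather than guessed."""
    starts = [m.start() for m in OBJECT_START.finditer(rtf)]
    dims = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(rtf)
        width = height = None
        # Only the first \objw / \objh inside the group count; later ones
        # would belong to nested or malformed content.
        for m in OBJ_DIM.finditer(rtf, start, end):
            if m.group(1) == b"w" and width is None:
                width = int(m.group(2))
            elif m.group(1) == b"h" and height is None:
                height = int(m.group(2))
        dims.append((width, height))
    return dims


def dimension_fingerprint(rtf: bytes) -> str:
    """Short stable hash over the ordered dimension list; two documents built
    from the same weaponizer template share it even if the payload differs."""
    canon = ";".join(f"{w}x{h}" for w, h in object_dimensions(rtf))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


# Constructed samples: A and B share a template (same dimensions, different
# payload bytes); C uses different dimensions.
SAMPLE_A = (b"{\\rtf1\\ansi{\\object\\objemb\\objw9027\\objh7763"
            b"{\\*\\objclass Package}{\\*\\objdata 01050000020000000b}}}")
SAMPLE_B = (b"{\\rtf1\\ansi{\\object\\objemb\\objw9027\\objh7763"
            b"{\\*\\objclass Package}{\\*\\objdata 0105000002000000ff}}}")
SAMPLE_C = (b"{\\rtf1\\ansi{\\object\\objemb\\objw1440\\objh1440"
            b"{\\*\\objclass Package}{\\*\\objdata 01050000020000000b}}}")


if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, object_dimensions(sample), dimension_fingerprint(sample))
```

On real corpora the dimension pair is one weak signal among several; it should be combined with other artefacts of the builder before it is used for attribution, since a benign template can share a default size.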

VB2019 paper: Kimsuky group: tracking the king of the spear phishing

Jaeki Kim (Financial Security Institute)
Kyoung-Ju Kwak (Financial Security Institute)
Min-Chang Jang (Financial Security Institute)

The Kimsuky group is a threat group that is known to have been behind the KHNP (Korea Hydro & Nuclear Power) cyber terrorism attacks of 2014 and is still active in 2019. This paper presents the results of an analysis not only of the malware used by…

VB2019 paper: Play fuzzing machine – hunting iOS/macOS kernel vulnerabilities automatically and smartly

Lilang Wu (Trend Micro)
Moony Li (Trend Micro)

Since iOS 10, Apple has released the unpacked/decrypted kernel cache (*.ipsw), but the system source code, in particular the kernel and driver part, remains closed-source. What is more, symbol info in the binary (kernel cache) has been greatly…

VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary

Alex Hinchliffe (Palo Alto Networks)

The discovery of two malware families with significant, mostly infrastructure-based overlaps with previously seen malware, such as 9002, PlugX, Poison Ivy and FHAPPI, has led us towards what appears to be an undocumented nation-state group, or…

VB2019 paper: Static analysis methods for detection of Microsoft Office exploits

Chintan Shah (McAfee)

This paper presents an exploit detection tool built for the purpose of detecting malicious lure documents. This detection engine employs multiple binary stream analysis techniques for flagging malicious Office documents, supporting static analysis of…

LokiBot: dissecting the C&C panel deployments

Aditya K Sood

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. This paper analyses the URL structure of the LokiBot…
