Analysis of an Undetected Dridex Sample

On the 4th of August one of our customers reported an infection attempt on one of their machines. In their deployment ReaQta-core is used to augment a signature-based enterprise endpoint protection system, so an infection attempt detected by our solution means the AV missed the threat. Usually that indicates either that the attack is targeted or that the malware is brand new; let's walk through our investigation to find out which.

Analysis Adobe Flash 0day

Adobe Flash CVE-2015-3113 0-day

In April 2015 Adobe released an update to patch CVE-2015-3043, which was being actively exploited in the wild, notably (but not only) by the threat actor APT28 during Operation RussianDoll. The vulnerability was a heap overflow in the FLV audio parsing engine; the culprit was a hardcoded heap buffer length of 0x2000 bytes, so the attackers simply had to provide a source capable of bypassing the length check and overwriting the buffer with more than 0x2000 bytes.
