RoboMan

Members
  • Posts: 10
  • Joined
  • Last visited
Kudos

  1. Upvote
    RoboMan gave kudos to itman in "pyrate", Behavior Blocker Bypass POC   
    Looks like someone just made things a lot easier for Python based ransomware: https://github.com/sithis993/Crypter#builder
  2. Upvote
    RoboMan gave kudos to itman in "pyrate", Behavior Blocker Bypass POC   
    Here's a book, 'Creating a Ransomware With Python', in .pdf format for those wanting to get into the "nitty gritty":
    https://hakin9.org/product/creating-a-ransomware-with-python/
  3. Upvote
    RoboMan gave kudos to itman in "pyrate", Behavior Blocker Bypass POC   
    It should also be noted that Python scripts can be run from PowerShell. In the PyLocky incident linked above, it used a legit installer to install Python.
    Ref.: https://ridicurious.com/2018/03/30/powershell-scripting-guide-to-python-part1/
  4. Upvote
    RoboMan gave kudos to itman in "pyrate", Behavior Blocker Bypass POC   
    Actually, I have brought up this issue previously. That is, the Python runtime can be bundled with a malicious script into an .exe. My statement at the time was that the Python runtime bundled in such a way should at least be flagged as suspicious activity. I didn't get any ESET response at that time and doubt you will get one now.
  5. Upvote
    RoboMan gave kudos to Marcos in "pyrate", Behavior Blocker Bypass POC   
    I was unable to find a download link for the PoC. It's still a PoC, not actual malware, so AV vendors had no chance to analyze it and possibly adjust detection. One can't expect 100% proactive malware protection; that doesn't exist, and there's no AV detecting 100% of new malware and PoCs. One should keep that in mind and not rely 100% on an AV always detecting 100% of malware.
    Without analyzing the PoC it's impossible to comment on it.