Fernando Dominguez
Security Researcher working in the AT&T Alien Labs team. I am very passionate about technology in general and cybersecurity in particular. Curious by nature, I always try to find new topics to research. Prior to working at Alien Labs, I worked in several other research and development positions. In my spare time I like to play video games, enjoy music and build software.

October 27, 2021 | Fernando Dominguez

Code similarity analysis with r2diaphora

Executive summary: Binary diffing, a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. This blog post describes how AT&T Alien Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence. Using binary diffing for analysis is particularly effective in the IoT malware…

August 23, 2021 | Fernando Dominguez

PRISM attacks fly under the radar

Executive summary: AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal (see example in figure 1), though our internal threat analysis systems have flagged them as malicious. Upon inspection of the samples, Alien Labs has identified them as modifications of the open-source PRISM backdoor used by…

January 9, 2020 | Fernando Dominguez

AT&T Alien Labs analysis of an active cryptomining worm

This blog post provides an overview of the AT&T Alien Labs™ technical analysis of the common malicious implants used by threat actors targeting vulnerable Exim, Confluence, and WebLogic servers. Upon exploitation, malicious implants are deployed on the compromised machine. While most of the attacks described below are historical, we at Alien Labs are continuing to see new…