DOCSLIB.ORG

Automated Malware Analysis Report for Phish Survey.Js

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report for Phish Survey.Js ID: 382893 Sample Name: phish_survey.js Cookbook: default.jbs Time: 20:27:42 Date: 06/04/2021 Version: 31.0.0 Emerald Table of Contents Table of Contents 2 Analysis Report phish_survey.js 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Startup 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 8 General Information 8 Simulations 9 Behavior and APIs 9 Joe Sandbox View / Context 9 IPs 9 Domains 9 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 9 General 9 File Icon 9 Network Behavior 10 Code Manipulations 10 Statistics 10 System Behavior 10 Analysis Process: wscript.exe PID: 6168 Parent PID: 3388 10 General 10 File Activities 10 Disassembly 10 Code Analysis 10 Copyright Joe Security LLC 2021 Page 2 of 10 Analysis Report phish_survey.js Overview General Information Detection Signatures Classification Sample phish_survey.js Name: FFoouunndd WSSHH tttiiimeerrr fffoorrr JJaavvaassccrrriiippttt oorrr VV… Analysis ID: 382893 JFJaaovvuaan d/// VVWBBSSSHccr rritiipipmttt feffiiillrlee f owwrii ittJthha vveaerrsryyc rllloiopnntg go srs …V MD5: b3c1f68ef7299a7… PJParrrovogagrr ra/a mVB ddSooceersisp ntn ofoitltte ss hwhooitwhw vmeuurycc hhlo aanccgttt iiivsviii… SHA1: b8e9103fffa864a… Ransomware Program does not show much activi Miner Spreading SHA256: 3dff3ec3f9cc6fd9… mmaallliiiccciiioouusss Infos: malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious Most interesting Screenshot: cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Score: 1 Range: 0 - 100 Whitelisted: false Confidence: 100% Startup System is w10x64 wscript.exe (PID: 6168 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\phish_survey.js' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C) cleanup Malware Configuration No configs have been found Yara Overview No yara matches Sigma Overview No Sigma rule has matched Signature Overview • Networking Copyright Joe Security LLC 2021 Page 3 of 10 • System Summary • Hooking and other Techniques for Hiding and Protection • Malware Analysis System Evasion • Anti Debugging • Language, Device and Operating System Detection Click to jump to signature section There are no malicious signatures, click here to show all signatures . Mitre Att&ck Matrix Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Scripting 2 Path Path Scripting 2 OS System Remote Data from Exfiltration Data Eavesdrop on Remotely Modify Accounts Interception Interception Credential Information Services Local Over Other Obfuscation Insecure Track Device System Dumping Discovery 2 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Obfuscated LSASS Application Remote Data from Exfiltration Junk Data Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Files or Memory Window Desktop Removable Over Redirect Phone Wipe Data Lockout Initialization Initialization Information 1 Discovery Protocol Media Bluetooth Calls/SMS Without Scripts Scripts Authorization Behavior Graph Copyright Joe Security LLC 2021 Page 4 of 10 Hide Legend Legend: Process Signature Created File DNS/IP Info Is Dropped Is Windows Process Behavior Graph Number of created Registry Values Number of created Files ID: 382893 Visual Basic Sample: phish_survey.js Startdate: 06/04/2021 Delphi Architecture: WINDOWS Java Score: 1 .Net C# or VB.NET C, C++ or other language started Is malicious Internet wscript.exe Screenshots Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow. Copyright Joe Security LLC 2021 Page 5 of 10 Antivirus, Machine Learning and Genetic Malware Detection Initial Sample Source Detection Scanner Label Link phish_survey.js 0% Virustotal Browse Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains No Antivirus matches URLs Source Detection Scanner Label Link j.hn/) 0% URL Reputation safe j.hn/) 0% URL Reputation safe j.hn/) 0% URL Reputation safe j.hn/) 0% URL Reputation safe Copyright Joe Security LLC 2021 Page 6 of 10 Source Detection Scanner Label Link dynarch.com/jscal/#sec3 0% Virustotal Browse dynarch.com/jscal/#sec3 0% Avira URL Cloud safe viljamis.com/blog/2012/file-upload-support-on-mobile/ 0% Virustotal Browse viljamis.com/blog/2012/file-upload-support-on-mobile/ 0% Avira URL Cloud safe https://blueimp.net 0% URL Reputation safe https://blueimp.net 0% URL Reputation safe https://blueimp.net 0% URL Reputation safe https://blueimp.net 0% URL Reputation safe valve.github.io 0% Virustotal Browse valve.github.io 0% Avira URL Cloud safe https://cdn.dashjs.org/latest/dash.all.min.js 0% Virustotal Browse https://cdn.dashjs.org/latest/dash.all.min.js 0% Avira URL Cloud safe Domains and IPs Contacted Domains No contacted domains info URLs from Memory and Binaries Name Source Malicious Antivirus Detection Reputation j.hn/) phish_survey.js false URL Reputation: safe unknown URL Reputation: safe URL Reputation: safe URL Reputation: safe bugs.jquery.com/ticket/11820 phish_survey.js false high https://github.com/blueimp/jQuery-File-Upload phish_survey.js false high https://github.com/szimek/signature_pad phish_survey.js false high www.highcharts.com phish_survey.js false high www.modernizr.com/) phish_survey.js false high https://opensource.org/licenses/MIT phish_survey.js false high jqueryui.com phish_survey.js false high https://github.com/harvesthq/chosen phish_survey.js false high https://bugzilla.mozilla.org/show_bug.cgi?id=781447 phish_survey.js false high https://github.com/thesmart phish_survey.js false high dynarch.com/jscal/#sec3 phish_survey.js false 0%, Virustotal, Browse unknown Avira URL Cloud: safe https://www.youtube.com/player_api phish_survey.js false high viljamis.com/blog/2012/file-upload-support-on-mobile/ phish_survey.js false 0%, Virustotal, Browse unknown Avira URL Cloud: safe benalman.com/about/license/ phish_survey.js false high phish_survey.js false high https://raw.github.com/jashkenas/underscore/master/LICENSE benalman.com/projects/jquery-throttle-debounce-plugin/ phish_survey.js false high https://blueimp.net phish_survey.js false URL Reputation: safe unknown URL Reputation: safe URL Reputation: safe URL Reputation: safe https://github.com/jashkenas/underscore phish_survey.js false high https://raw.github.com/thesmart/jquery- phish_survey.js false high scrollspy/master/LICENSE code.highcharts.com/4.2.3/gfx/vml-radial-gradient.png phish_survey.js false high bugs.jquery.com/ticket/13335 phish_survey.js false high phish_survey.js false high https://cdnjs.cloudflare.com/ajax/libs/hls.js/0.7.11/hls.min.js https://img.youtube.com/vi/ phish_survey.js false high www.opensource.org/licenses/mit-license.php) phish_survey.js false high phish_survey.js false high https://github.com/harvesthq/chosen/blob/master/LICENSE.m d https://github.com/Valve/fingerprintjs phish_survey.js false high https://github.com/promises-aplus/promises-spec#the- phish_survey.js false high promise-resolution-procedure flesler.blogspot.com phish_survey.js false high Copyright Joe Security LLC 2021 Page 7 of 10 Name Source Malicious Antivirus Detection Reputation blog.alexmaccaw.com/css-transitions phish_survey.js false high https://github.com/blueimp/jQuery-File- phish_survey.js false high Upload/wiki/Setup#content-type-negotiation valve.github.io wscript.exe, 00000000.00000003 false 0%, Virustotal, Browse unknown .194865310.00000178093E9000.00 Avira URL Cloud: safe 000004.00000001.sdmp, phish_su rvey.js https://cdnjs.cloudflare.com/ajax/libs/flv.js/1.3.2/flv.min.js phish_survey.js false high code.highcharts.com/modules/canvas-tools.js phish_survey.js false high github.com/garycourt/murmurhash-js phish_survey.js false high www.mediaelementjs.com/ phish_survey.js false high getharvest.com phish_survey.js false high https://cdn.dashjs.org/latest/dash.all.min.js phish_survey.js false 0%, Virustotal, Browse unknown Avira URL Cloud: safe Contacted IPs No contacted IP infos General Information Joe Sandbox Version: 31.0.0 Emerald Analysis ID: 382893 Start date: 06.04.2021 Start time: 20:27:42 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 7m 11s Hypervisor based Inspection enabled: false Report type: light Sample file name: phish_survey.js Cookbook file name: default.jbs Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes analysed: 40 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled HDC enabled AMSI enabled Analysis Mode: default Analysis stop reason: Timeout Detection: CLEAN Classification: clean1.winJS@1/0@0/0 EGA Information: Failed HDC Information: Failed HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 Cookbook Comments: Adjust boot time Enable AMSI Found application associated with file extension: .js Warnings: Show All Exclude process from analysis
Load more

Recommended publications
  • AUTOMATIC DESIGN of NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING, Computational Intelligence, 4, 798– 831
    Universidad uc3m Carlos Ill 0 -Archivo de Madrid This is a postprint version of the following published document: Estébanez, C., Saez, Y., Recio, G., and Isasi, P. (2014), AUTOMATIC DESIGN OF NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING, Computational Intelligence, 4, 798– 831 DOI: https://doi.org/10.1111/coin.12033 © 2014 Wiley Periodicals, Inc. AUTOMATIC DESIGN OF NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING CESAR ESTEBANEZ, YAGO SAEZ, GUSTAVO RECIO, AND PEDRO ISASI Department of Computer Science, Universidad Carlos III de Madrid, Madrid, Spain Noncryptographic hash functions have an immense number of important practical applications owing to their powerful search properties. However, those properties critically depend on good designs: Inappropriately chosen hash functions are a very common source of performance losses. On the other hand, hash functions are difficult to design: They are extremely nonlinear and counterintuitive, and relationships between the variables are often intricate and obscure. In this work, we demonstrate the utility of genetic programming (GP) and avalanche effect to automatically generate noncryptographic hashes that can compete with state-of-the-art hash functions. We describe the design and implementation of our system, called GP-hash, and its fitness function, based on avalanche properties. Also, we experimentally identify good terminal and function sets and parameters for this task, providing interesting information for future research in this topic. Using GP-hash, we were able to generate two different families of noncryptographic hashes. These hashes are able to compete with a selection of the most important functions of the hashing literature, most of them widely used in the industry and created by world-class hashing experts with years of experience.
    [Show full text]
  • Open Source Used in Quantum SON Suite 18C
    Open Source Used In Cisco SON Suite R18C Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-185964180 Open Source Used In Cisco SON Suite R18C 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-185964180 Contents 1.1 argparse 1.2.1 1.1.1 Available under license 1.2 blinker 1.3 1.2.1 Available under license 1.3 Boost 1.35.0 1.3.1 Available under license 1.4 Bunch 1.0.1 1.4.1 Available under license 1.5 colorama 0.2.4 1.5.1 Available under license 1.6 colorlog 0.6.0 1.6.1 Available under license 1.7 coverage 3.5.1 1.7.1 Available under license 1.8 cssmin 0.1.4 1.8.1 Available under license 1.9 cyrus-sasl 2.1.26 1.9.1 Available under license 1.10 cyrus-sasl/apsl subpart 2.1.26 1.10.1 Available under license 1.11 cyrus-sasl/cmu subpart 2.1.26 1.11.1 Notifications 1.11.2 Available under license 1.12 cyrus-sasl/eric young subpart 2.1.26 1.12.1 Notifications 1.12.2 Available under license Open Source Used In Cisco SON Suite R18C 2 1.13 distribute 0.6.34
    [Show full text]
  • Implementation of the Programming Language Dino – a Case Study in Dynamic Language Performance
    Implementation of the Programming Language Dino – A Case Study in Dynamic Language Performance Vladimir N. Makarov Red Hat [email protected] Abstract design of the language, its type system and particular features such The article gives a brief overview of the current state of program- as multithreading, heterogeneous extensible arrays, array slices, ming language Dino in order to see where its stands between other associative tables, first-class functions, pattern-matching, as well dynamic programming languages. Then it describes the current im- as Dino’s unique approach to class inheritance via the ‘use’ class plementation, used tools and major implementation decisions in- composition operator. cluding how to implement a stable, portable and simple JIT com- The second part of the article describes Dino’s implementation. piler. We outline the overall structure of the Dino interpreter and just- We study the effect of major implementation decisions on the in-time compiler (JIT) and the design of the byte code and major performance of Dino on x86-64, AARCH64, and Powerpc64. In optimizations. We also describe implementation details such as brief, the performance of some model benchmark on x86-64 was the garbage collection system, the algorithms underlying Dino’s improved by 3.1 times after moving from a stack based virtual data structures, Dino’s built-in profiling system, and the various machine to a register-transfer architecture, a further 1.5 times by tools and libraries used in the implementation. Our goal is to give adding byte code combining, a further 2.3 times through the use an overview of the major implementation decisions involved in of JIT, and a further 4.4 times by performing type inference with a dynamic language, including how to implement a stable and byte code specialization, with a resulting overall performance im- portable JIT.
    [Show full text]
  • Hash-Flooding Dos Reloaded
    Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, “Designing and attacking Kudelski Security (NAGRA) port scan detection tools” by Solar Designer (Alexander D. J. Bernstein, Peslyak) in Phrack Magazine: University of Illinois at Chicago & Technische Universiteit Eindhoven “In scanlogd, I’m using a hash table to lookup source addresses. Martin Boßlet, This works very well for the Ruby Core Team typical case ::: average lookup time is better than that of a binary search. ::: Hash-flooding DoS reloaded: Hash flooding begins? However, an attacker can attacks and defenses choose her addresses (most July 1998 article likely spoofed) to cause hash Jean-Philippe Aumasson, “Designing and attacking collisions, effectively replacing the Kudelski Security (NAGRA) port scan detection tools” hash table lookup with a linear by Solar Designer (Alexander D. J. Bernstein, search. Depending on how many Peslyak) in Phrack Magazine: University of Illinois at Chicago & entries we keep, this might make Technische Universiteit Eindhoven “In scanlogd, I’m using a hash scanlogd not be able to pick table to lookup source addresses. ::: Martin Boßlet, new packets up in time. I’ve This works very well for the Ruby Core Team solved this problem by limiting typical case ::: average lookup the number of hash collisions, and time is better than that of a discarding the oldest entry with binary search. ::: the same hash value when the limit is reached. Hash-flooding DoS reloaded: Hash flooding begins? However, an attacker can attacks and defenses choose her addresses (most July 1998 article likely spoofed) to cause hash Jean-Philippe Aumasson, “Designing and attacking collisions, effectively replacing the Kudelski Security (NAGRA) port scan detection tools” hash table lookup with a linear by Solar Designer (Alexander D.
    [Show full text]
  • Symantec Data Insight 4.5.1 Third-Party Attributions
    Symantec Data Insight Third-Party Attributions Guide 4.5.1 October 2014 Symantec Proprietary and Confidential Symantec Data Insight 4.5 Third-Party Attributions Guide 4.5.1 Documentation version: 4.5.1 Rev 0 Legal Notice Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
    [Show full text]
  • Fundamental Data Structures Contents
    Fundamental Data Structures Contents 1 Introduction 1 1.1 Abstract data type ........................................... 1 1.1.1 Examples ........................................... 1 1.1.2 Introduction .......................................... 2 1.1.3 Defining an abstract data type ................................. 2 1.1.4 Advantages of abstract data typing .............................. 4 1.1.5 Typical operations ...................................... 4 1.1.6 Examples ........................................... 5 1.1.7 Implementation ........................................ 5 1.1.8 See also ............................................ 6 1.1.9 Notes ............................................. 6 1.1.10 References .......................................... 6 1.1.11 Further ............................................ 7 1.1.12 External links ......................................... 7 1.2 Data structure ............................................. 7 1.2.1 Overview ........................................... 7 1.2.2 Examples ........................................... 7 1.2.3 Language support ....................................... 8 1.2.4 See also ............................................ 8 1.2.5 References .......................................... 8 1.2.6 Further reading ........................................ 8 1.2.7 External links ......................................... 9 1.3 Analysis of algorithms ......................................... 9 1.3.1 Cost models ......................................... 9 1.3.2 Run-time analysis
    [Show full text]
  • Antares: a Scalable, Efficient Platform for Stream, Historic
    School of Computing Science Antares: A Scalable, Efficient Platform for Stream, Historic, Combined and Geospatial Querying Rebecca Simmonds Submitted for the degree of Doctor of Philosophy in the School of Computing Science, Newcastle University June 2016 c 2016, Rebecca Simmonds Abstract Traditional methods for storing and analysing data are proving inadequate for process- ing \Big Data". This is due to its volume, and the rate at which it is being generated. The limitations of current technologies are further exacerbated by the increased de- mand for applications which allow users to access and interact with data as soon as it is generated. Near real-time analysis such as this can be partially supported by stream processing systems, however they currently lack the ability to store data for efficient historic processing: many applications require a combination of near real-time and historic data analysis. This thesis investigates this problem, and describes and evaluates a novel approach for addressing it. Antares is a layered framework that has been designed to exploit and extend the scalability of NoSQL databases to support low latency querying and high throughput rates for both stream and historic data analysis simultaneously. Antares began as a company funded project, sponsored by Red Hat the motivation was to identify a new technology which could provide scalable analysis of data, both stream and historic. The motivation for this was to explore new methods for supporting scale and efficiency, for example a layered approach. A layered approach would exploit the scale of historic stores and the speed of in-memory processing. New technologies were investigates to identify current mechanisms and suggest a means of improvement.
    [Show full text]
  • An Enhanced Non-Cryptographic Hash Function
    International Journal of Computer Applications (0975 – 8887) Volume 176 – No. 15, April 2020 An Enhanced Non-Cryptographic Hash Function Vivian Akoto-Adjepong Michael Asante Steve Okyere-Gyamfi University of Energy and Natural Kwame Nkrumah University of Christian Service University Resources Science and Technology College Department of Computer Science Department of Computer Science Department of Computer Science and Informatics Private Mail Bag, KNUST, Kumasi, and Information Technology P. O. Box 214 Sunyani, Ghana Ghana P. O. Box 3110 Kumasi, Ghana ABSTRACT In order to locate and retrieve information, hashing is a How to store information for it to be searched and retrieved recommended scheme because is effective and efficient [18]. efficiently is one of the fundamental problems in computer A suitable hash function and strategy must be used to solve science. There exists sequential search that support operation particular problems or for specific application. This will help such as INSERT, DELETE and RETRIVAL in O (n log (n)) efficient use of memory space and reduce access time. expected time in operations. Therefore in many applications where these operations are needed, hashing provides a way to There exist different types of hash algorithms such as non- reduce expected time to O (1).There are many different types cryptographic hash algorithms or functions, cryptographic of hashing algorithms or functions such as cryptographic hash hash algorithms or functions, checksums and cyclic functions, non-cryptographic hash function, checksums and redundancy checks [1][3]. cyclic redundancy checks. Non-cryptographic hash functions Independent of the inputs of a hash functions, they are (NCHFs) take a string as input and compute an integer output optimized to work very well in different scenarios.
    [Show full text]
  • The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux
    The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux To cite this version: Thomas Gerbet, Amrit Kumar, Cédric Lauradoux. The Power of Evil Choices in Bloom Filters. [Research Report] RR-8627, INRIA Grenoble. 2014. hal-01082158v2 HAL Id: hal-01082158 https://hal.inria.fr/hal-01082158v2 Submitted on 24 Feb 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux RESEARCH REPORT N° 8627 November 2014 Project-Team Privatics ISSN 0249-6399 ISRN INRIA/RR--8627--FR+ENG The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, C´edricLauradoux Project-Team Privatics Research Report n° 8627 | November 2014 | 24 pages Abstract: A Bloom filter is a probabilistic hash-based data structure extensively used in software products including online security applications. This paper raises the following important question: Are Bloom filters correctly designed in a security context ? The answer is no and the reasons are multiple: bad choices of parameters, lack of adversary models and misused hash functions. Indeed, developers truncate cryptographic digests without a second thought on the security implications.
    [Show full text]
  • Qlikview-Third-Party-License-Terms.Pdf
    Third Party Software Attributions, Copyrights, Licenses and Disclosure QlikView® May 2021 Certain open source or other third-party software components are integrated and/or redistributed with various releases of the QlikView software. Such third-party components include terms and conditions, such as attribution and liability disclaimers (collectively "Third Party Disclosures",) for which disclosure is required by their respective owners. This document sets forth such Third Party Disclosures for the specified version of the QlikView software and/or its associated Connectors, as of the date set forth above. This Third Party Disclosure is also available within the Documentation for QlikView and its associated Connectors, as well as on the Qlik web page located at www.qlik.com/license-terms. NEITHER QLIKTECH INTERNATIONAL AB NOR ANY OF ITS AFFILIATES (COLLECTIVELY, “QLIK”) MAKES ANY REPRESENTATION, WARRANTY OR OTHER COMMITMENT REGARDING SUCH THIRD PARTY COMPONENTS. AsyncLazy.cs • Copyright © 2014 Stephen Cleary • URL: https://github.com/StephenCleary/AsyncEx/tree/master/src/Nito.AsyncEx.Coordination • Version 5.0 • License: MIT AWS SDK • Copyright Amazon.com, Inc. or its affiliates. All rights reserved • URL: https://aws.amazon.com/sdk-for-go/ • Version: 1.34.28 • License: Apache-2.0 Aws-sdk-cpp • Copyright © 2010-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. • URL: https://github.com/aws/aws-sdk-cpp • Version: 1.8.148.1 • License: Apache-2.0 BigCache • Copyright © 2004 Allegro Tech • URL: github.com/allegro/bigcache • Version: 1.2.1 • License: Apache-2.0 Boost C++ Libraries • Copyright © 1999-2015 Boost Contributors • URL: http://www.boost.org • Version: 1.71.0.2 • License: Boost License Bouncy Castle Cryptos API • Copyright © 2000-2017 The Legion of the Bouncy Castle Inc.
    [Show full text]
  • Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure
    Oracle® Cloud Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure F40733-02 April 2021 Oracle Cloud Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure, F40733-02 Copyright © 2021, 2021, Oracle and/or its affiliates. Primary Author: Thomas Van Raalte This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer
    [Show full text]
  • Random Number Generator Recommendations for Applications
    Random Number Generator Recommendations for Applications This version of the document is dated 2021-08-24. Peter Occil Most apps that use randomly generated or pseudorandom numbers care about either unpredictability, high quality, or repeatability. This article gives recommendations on choosing the right kind of random number generator (RNG) or pseudorandom number generator (PRNG) for the application. 1 Introduction Many applications rely on random number generators (RNGs) to produce a sequence of numbers that seemingly occur by chance; however, it's not enough for this sequence to merely "look random". But unfortunately, most popular programming languages today— specify few and weak requirements on their built-in RNGs (such as C's rand), specify a relatively weak general-purpose RNG (such as Java's java.math.Random), implement RNGs by default that leave something to be desired (such as Mersenne Twister), initialize RNGs with a timestamp by default (such as the .NET Framework implementation of System.Random), and/or use RNGs that are initialized with a fixed value by default (as is the case in MATLAB and C(1)), so that as a result, many applications use RNGs, especially built-in RNGs, that have little assurance of high quality or security. That is why this document discusses high-quality RNGs and suggests existing implementations of them. This document covers: Cryptographic RNGs(2), noncryptographic RNGs, and manually-seeded pseudorandom number generators, as well as recommendations on their use and properties. Nondeterministic sources, entropy, and seed generation. Existing implementations of RNGs. Guidance for implementations of RNGs designed for reuse by applications. Issues on shuffling with an RNG.
    [Show full text]