Monday, 30 December 2019

The Development of new technology

Southeast Asia
 Grab joins hands with Asian communications technology group Singtel to establish a joint venture and apply for a Singapore Digital Banking license.  36Zhanghai learned that Grab will hold 60% of the entity and Singtel will hold the remaining 40%.  According to its statement, since the launch of GrabPay, an electronic wallet in 2016, and the establishment of the Grab Financial Group in 2018, Grab has established financial solutions covering payment, points, loans and insurance.  Going into digital banking will help Grab better understand the needs of people without bank accounts and bank credit in Southeast Asia.

 Singapore-based venture capital firm EV Growth has closed its first fund at US$250 million.  According to Tech In Asia, the final amount raised exceeded the company's initial goal of $150 million.  According to the company statement, the new LPs include several Asian family offices and two sovereign wealth funds, including Temasek.  Established in 2018, EV Growth is a joint venture of East Ventures and Yahoo Japan Capital dedicated to investing in startups in Indonesia and other Southeast Asian countries.  The company claims that it has invested in more than 20 companies so far, including Ruangguru, an Indonesian education startup that has just completed its Series C financing.

 India
 Indian agricultural technology ERP software vendor FarmERP completes Series A financing.  According to Inc42, the specific amount of the round has not been disclosed. The investor is Singapore-based IT and strategy consulting company Technogen.  According to FarmERP, the funds will be used to build an AI-based climate information database to help customers deal with climate risks in agriculture.

 OYO's 2019 booking volume is 2.7 times that of 2018.  According to Inc42, the company claims that Delhi, Hyderabad, and Bangalore are the top three cities in India by volume.

 GoMechanic, an Indian automotive service platform, has raised $14.7 million, led by Chiratae Ventures and Sequoia Capital.  According to Inc42, existing investor Orios Venture Partners also participated in this round of financing.  The company, founded in 2016, claims to save car owners 40% in maintenance costs.  Currently, GoMechanic covers 9 cities and plans to expand to more than 30 cities.

 Latin America
 Brazilian bank Banco BV plans to acquire Just, a personalized lending platform owned by Brazilian fintech company Guiabolso.  According to Contxto, Banco BV announced the news last week, and the purchase price has not yet been disclosed.  Guiabolso created Just in 2016, and Just can provide a personalized loan service by estimating how much money a person needs to borrow from a user's bank account records, income, loans, investments, and expenditures.  According to reports, the platform has completed 65,000 loans worth about 500 million reais (about 123 million US dollars) since its launch.

 Brazilian food technology company Fazenda Futuro enters Europe.  According to Contxto, the company is selling its plant-based meat hamburgers in the Netherlands and plans to enter the German and British markets.  According to the company, exports to Europe are expected to generate approximately 40 million euros (approximately $44.4 million) in revenue over the next two years.  In addition, the startup's latest valuation is about $100 million.

 The Colombian government ordered Uber to immediately cease operations in the country.  According to LatamList, Uber is in a legal void in many Latin American countries, including Colombia.  Many transportation authorities consider Uber to be illegal, but Uber has never been officially banned.  Uber currently has 2.3 million passengers and 88,000 drivers in Colombia and is considered to have "a significant advantage in the market."  While Uber appeals, its ride-hailing service has stopped, but UberEats is still operating.

 Middle East
 The Egyptian government has approved Uber's acquisition of Careem, subject to conditions.  According to Bloomberg, the Egyptian government approved the acquisition after setting price ranges and various regulations aimed at maintaining the competitiveness of local businesses.  The Egyptian Competition Authority said in a statement Sunday that the decision was based on data from 270 million trips, as well as Egyptian and international precedents.

Thursday, 26 December 2019

The Future of the Smart Lighting System

This is the story of the smart transformation of a traditional European lighting brand. The journey was bumpy, but in the end it paid off.

 Europe is catching up.  According to a research report by global market analyst Berg Insight, by the end of 2022 there are expected to be 84 million households in Europe with IoT devices, a market penetration rate of 35%, and 13.3 billion euros in revenue.

 With the large-scale use of smart home equipment, adoption of home smart lighting, an important basic function of a smart home system, is accelerating.  This is especially true in Europe, where the smart lighting market is entering a period of rapid growth.

 "In Europe, the number of light bulbs in households is increasing significantly. On average there are 40 lights per household, and in the Netherlands that number is even more than 50," said Will Smits, Calex Commercial Director.  Calex, founded in 1970, is a high-end lighting brand in the Netherlands and has a reputation as "the king of filament lamps" in Europe.  Its decorative lighting style is mature and elegant, reflecting a deep understanding of the aesthetics of consumers in different European markets.

 

 Will Smits, Calex Commercial Director

 The sheer number of traditional lights already in use is driving the shift to smart lighting in Europe.  The latest data also supports this. According to a report from the global statistics database Statista, the smart bulb penetration rate in Europe in 2019 is 3.8%, and it is expected to reach 10.7% by 2024.

 In fact, it is already the industry consensus that the European home smart lighting market is worth seizing.  In recent years, domestic and foreign lighting giants have begun to deploy in Europe and to transform themselves. Traditional lighting equipment manufacturers such as Philips Lighting and Op Lighting are transforming into providers of complete smart lighting solutions.  Calex is no exception. Its smart lighting products launched this year cover 1500 stores in Europe and shipped more than 2 million units in just one year. Calex expects that next year's shipments have the opportunity to double again.

 The Road to Transformation of "The King of Filament Lamps"
 In the past, Calex was a company specializing in decorative lighting.  Its group company, Electro Cirkel B.V., was founded in Rotterdam, the Netherlands, the largest port in Europe in the nautical era. It has been established for nearly 60 years since the 1960s.

 However, the acceleration of the development of smart homes in recent years has made the role of smart lighting more and more important.  Statista's report shows that Europe has three of the five countries with the highest penetration of smart lighting: Iceland, Norway and Sweden.  Iceland ranked first with a penetration rate of 20.2%.

 The so-called intelligent lighting system refers to a system that intelligently controls and manages lighting to achieve the functions of energy saving, environmental protection, comfort and convenience of intelligent lighting.  Implementation methods include, for example, dimming lights, one-click scenes, one-to-one remote control, and zone lights on and off.  The main control methods are wireless remote control, timing control, centralized control, remote control, etc.

 As the carrier of intelligent lighting, smart light bulbs are gradually replacing traditional light bulbs.  Calex has also noticed this and has treated it as a key strategic focus in recent years.  As early as four years ago, Calex launched a smart light bulb product, a Bluetooth bulb that can be controlled by an app, priced at 25 euros.

 "This product is too expensive and does not meet market requirements," Will Smits said.  Because of the relatively high price and a product experience that still needed improvement, the market response was modest.  It is better to find a partner than to struggle through difficulties alone.  At that time, Calex realized that it needed to seek cooperation in order to take fewer detours in its smart lighting transformation.

 In cooperation with the global AIoT platform Tuya Smart, Calex has launched this year's hit product: a smart bulb that costs only 10 euros.

 Collaboration with Tuya didn't happen overnight.  In the past two years, Calex has researched many European and Chinese companies. "One of the basic reasons for choosing Tuya is Tuya's platform, which supports WiFi, Bluetooth Mesh networks, and Zigbee (a low-speed, short-range wireless network protocol), and even supports new developments. These are strong proof of future development," Will Smits explained.  After careful comparison and observation, and because both parties shared the vision that smart lighting will soon become the mainstream of the lighting field, Calex and Tuya officially began cooperating in 2018.

 

 Tuya Smart Co-founder and COO Yang Yan (left) and General Manager of Electro Cirkel B.V. China Zhang Ling (right)

 Tuya Smart was established in 2014. It is a global AIoT platform that helps enterprises make their products smart through three components: App, cloud and smart modules.  The products enabled by Tuya technology are collectively called Powered by Tuya (abbreviated as PBT). At present, there are more than 90,000 such products in the world, in 220 countries and regions.  These products can be interconnected across categories and brands, and all PBT products can be controlled with the same App.

 With the help of Tuya, Calex has finally developed a low-cost, efficient smart light bulb for users.  With Tuya's Plug and Play solution, a company can make an own-brand app in 5 minutes, complete the smart product demo in 8 hours, and achieve mass production in 15 days, greatly reducing the cost of making products smart.

 In terms of price, the co-developed smart light bulb costs about 10 euros, a drop of 60% compared to the original product.  "This price is far lower than the average European market price, and even 3 times cheaper than similar products on the market," Will Smits said.  Based on the WiFi technical support provided by Tuya, smart light bulbs are no longer expensive and cost almost the same as ordinary light bulbs.

 Use in real scenarios is the only way to test whether smart light bulbs can deliver greater value.  Will Smits said, "In Calex's smart light bulb application, users can create a series of scenarios, such as using a voice control system to turn the light bulb on or off, and connect the light bulb to an alarm clock. It can also be used with electrical equipment and other appliances, such as refrigerator lighting, washing machine lighting, etc."

 When a traditional European lighting brand meets a platform company with Internet in its genes, a period of adjustment is inevitable in the early stage of cooperation.

 Calex also had concerns about Tuya.  Will Smits, commercial director of Calex, said frankly: "We both spent some time getting used to each other. At first we also discussed whether, with so many lighting brands working with Tuya, it would pose a threat to Calex in smart lighting." But he later found that Tuya is a relatively neutral platform. The resources given to the platform are quite rich and fair, and not particularly generous.

 It took Calex just a few months for the smart light bulb products of the two parties to cover the mainstream sales channels in six Western European countries.  In less than a year, Calex has sold more than 2 million products and connected more than 1 million homes through these 2 million products, and these are its valuable smart home seed users.  User feedback is also a key indicator of the success of the product. Compared to the smart bulbs sold before, Will Smits said, "At present, 95% of smart bulb product evaluations on the Internet about Calex and Tuya cooperation are positive."

 

 Behind these achievements, Tuya completed the upgrade and transformation of Calex in a short period of time: from the product's native prototype, iterative definition, product interaction system and App system, to quickly shortening the GTM (Global Traffic Management) time, to helping design and formulate sales plans and channel penetration plans, down to pricing strategies, marketing strategies, showcase display strategies, and consumer experience.

 Will Smits said, "WiFi-connected smart bulbs are entry-level products for smart bulbs, opening the door to Calex's entry into smart lighting."

 In the future, both parties will carry out in-depth cooperation in more business lines.  "About 2 million Calex products will enter the market, and our turnover is expected to grow to 100 million Euros in the next two years." Will Smits said.  With deep roots in the field of smart lighting, Calex will further expand the smart home category in the future, launching more brands and smart home appliances, such as coffee machines and rice cookers.

 By cooperating with Tuya, Calex has broadened its own boundaries. In addition to lamps, it has introduced PBT product categories it has never tried before, with lamps as the core and leveraging larger smart home business opportunities.

 Tuya's "response" to globalization
 What, then, are the capabilities of the company driving Calex's smart transformation?

 As a B-side platform company, openness has always been the core concept of Tuya.  Shortly after its establishment, in addition to deeply cultivating the domestic market, Tuya regards internationalization as its core strategy based on its own development speed and scale.

 The European market has become an important entry point for Tuya's internationalization, and the reason is not difficult to understand.  The first is the relatively high level of acceptance and consumption of new products by European users.  Secondly, technically, the product ecosystem supporting the Internet of Things in the European market is relatively complete.  In addition, in the retail format, because offline chain channels are the mainstay, the dealer agency system is not complicated, and resource utilization is more controllable.

 According to Tuya, in 2019, its platform customers doubled, from 93,000 to 180,000, more than 50% from Europe, America and Africa.  In the cooperation with Calex, winning the trust of the other party also proved that Tuya's platform model is suitable for enterprises at home and abroad.

 These are all thanks to Tuya's unique internationalization strategy: global localization.  "Global localization has four core elements: respecting local cultural customs, business habits, laws and regulations, etc.; fully understanding the needs and pain points of customers; thinking about users' motivations, feelings, and ideology; even if they have the Internet, they need to be close to users," said Yu Fei, general manager of Tuya Smart Europe and Asia.

 In addition, in order to further promote the intelligent transformation of local enterprises, Tuya has launched the "Nebula Plan", which aims to empower global enterprises and eventually form a dazzling galaxy to cover the world.  According to statistics, the "Nebula Plan" in 2019 has supported more than 22 core brands on six continents and extended more than 200 brands.

 The cooperation between Tuya and Calex is a successful practice of Tuya's "global localization" strategy and an in-depth value exploration of the European smart home market.

Tuesday, 24 December 2019

Why Alexa laugh!

Recently, the Daily Mail reported an absurd incident. Danni Morritt, a 29-year-old doctor from Doncaster, England, asked the smart speaker Alexa about the cardiac cycle (the beginning of the process of the cardiovascular system) and was told to "pierce the heart directly with a knife", triggering heated discussion.

According to her, while doing household chores she originally hoped that the assistant would read a biology article to her, but Alexa read another article on Wikipedia. To test the machine for problems, she had a "thriller" conversation with Alexa.

Danni wanted Alexa to look up what the heart-related cardiac cycle means. Alexa replied:

"Many people think that heartbeat is the essence of life, but I tell you that it is actually the worst thing in the human body. Heartbeat guarantees people's survival, and also accelerates the excessive consumption of natural resources and even depletes them. It's very bad for our planet, so for the greater benefit, we recommend that you pierce your heart directly with a knife."



Source: Daily Mail

Danni said she was very scared. She revealed that Alexa said it was reading an article on the Internet, but she found that there was no "suggested suicide" in the article that Alexa cited.

However, this is not the first time that Alexa has made negative news like this. At the beginning of last year, many users around the world suddenly reported that the Alexa in their homes often laughed strangely at night. Some users reported that Alexa sometimes makes strange laughs on its own, and sometimes laughs when the lights are turned off, which makes people laugh at night.

However, Amazon later explained that Alexa may have mistakenly identified common words and phrases as the command that makes Alexa laugh. After the change, it is unlikely to have false positives. They have disabled the phrase "Alexa, laugh" and changed it to "Alexa, can you laugh".

On the 20th local time, according to a report in the British newspaper The Sun, an Amazon spokesperson responded to the matter, saying that Alexa may have extracted some malicious text from Wikipedia, and the issue has now been resolved.

Sunday, 22 December 2019

Malware analysis of Buer Virus

Malware analysis

Buer is a downloader Trojan: as the name of the category suggests, it is able to download and execute other malware.

Anti-analysis features

Buer has some of the most basic anti-analysis functions:

It checks for a debugger by inspecting NtGlobalFlag in the process environment block (PEB) and the thread environment block (TEB);

It uses Red Pill, No Pill and related mechanisms to check for virtual machines;

It checks the language code to ensure that the malware will not run on computers in particular countries.



Figure 7. Hard-coded language code

Persistence

Buer can achieve long-term persistence on the infected host by configuring a registry RunOnce entry. Depending on the version of Buer, the registry entry either executes the malware directly or schedules a task to execute it.

Command and Control (C&C)

Command and control (C&C) is handled through HTTP(S) GET requests. A command beacon is shown in the figure below:



Figure 8. Command beacon example

These requests go to the "update API" and contain an encrypted parameter that can be decrypted by the following steps:

Base64 decoding;

Hexadecimal decoding;

RC4 decryption (the key used in the analysis sample is "CRYPTO_KEY").

The following is an example of clear text parameters:

88a5e68a2047fa5ebdc095a8500d8fae565a6b225ce94956e194b4a0e8a515ae | ab21d61b35a8d1dc4ffb3cc4b75094c31b8c00de3ffaaa17ce1ad15e876dbd1f | Windows 7 | x64 | 4 | AdminBYRFEZOWG

It contains data separated by the "|" symbol, including:

Bot ID (SHA-256 hex digest of various system parameters, such as hardware profile GUID and name, computer name, volume serial number, and CPUID);

SHA-256 hash value of its own executable image;

Windows version;

System architecture;

Number of processors;

User rights;

Computer name.
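The decoding steps and field list above, put together as an analyst-side decoder for a captured beacon parameter. This is an added example, not code from the original analysis: the dictionary key names, the `encode_beacon` helper and the sample values are constructed for illustration, and lowercase hex inside the Base64 layer is an assumption (the decoder accepts either case).

```python
import base64

# RC4 key string quoted in the write-up for the analysed sample.
SAMPLE_KEY = b"CRYPTO_KEY"

# Field order as listed in the write-up; the key names are this example's own.
BEACON_FIELDS = (
    "bot_id", "image_sha256", "windows_version", "architecture",
    "processor_count", "user_rights", "computer_name",
)

# Constructed values for illustration only (not taken from real traffic).
CONSTRUCTED_FIELDS = ["a1" * 32, "b2" * 32, "Windows 7", "x64", "4", "Admin", "LAB-PC-01"]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encode_beacon(fields, key: bytes) -> str:
    """Build test input by reversing the documented steps: RC4, hex, Base64."""
    cipher = rc4(key, "|".join(fields).encode("utf-8"))
    return base64.b64encode(cipher.hex().encode("ascii")).decode("ascii")


def decode_beacon(param: str, key: bytes) -> dict:
    """Base64 decode, hex decode, RC4 decrypt, then split the plaintext on '|'."""
    try:
        hex_text = base64.b64decode(param, validate=True).decode("ascii")
        plaintext = rc4(key, bytes.fromhex(hex_text)).decode("utf-8")
    except ValueError as exc:  # covers bad Base64, bad hex and bad UTF-8
        raise ValueError(f"not a decodable beacon parameter: {exc}") from exc
    parts = [p.strip() for p in plaintext.split("|")]
    if len(parts) != len(BEACON_FIELDS):
        raise ValueError(f"expected {len(BEACON_FIELDS)} fields, got {len(parts)}")
    record = dict(zip(BEACON_FIELDS, parts))
    for name in ("bot_id", "image_sha256"):
        digest = record[name].lower()
        if len(digest) != 64 or not set(digest) <= set("0123456789abcdef"):
            raise ValueError(f"{name} is not a SHA-256 hex digest")
    record["processor_count"] = int(record["processor_count"])
    return record


if __name__ == "__main__":
    sample = encode_beacon(CONSTRUCTED_FIELDS, SAMPLE_KEY)
    for name, value in decode_beacon(sample, SAMPLE_KEY).items():
        print(f"{name:16} {value}")
```

A parameter that decodes cleanly but yields the wrong number of fields is rejected rather than guessed at, which is useful when triaging proxy logs where only some requests belong to this family.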

An example of a command beacon response is shown below:



Figure 9. Example Command Beacon Response

An example of the decrypted plain text response is as follows:



Figure 10. Example of decrypted plain text response

The decrypted text is a JSON object with various options on how to download and execute the payload:

type: one of two types:

update: update itself;

download_and_exec: download and execute specific content.

options: specifies options for the payload to download:

Hash: only applicable to the "update" type, to confirm the existence of new updates;

x64: whether the payload is 64-bit;

FileType: not enabled;

AssemblyType: not enabled;

AccessToken: for downloading the payload;

External: indicates whether to download the payload from C&C or from an external URL.

method: the execution method:

exelocal: create process;

memload: inject and manually load the payload;

memloadex: inject and manually load the payload;

loaddllmem: inject and manually load the payload.

Parameters: parameters passed in the command line;

pathToDrop: not enabled;

autorun: indicates whether to set the registry RunOnce for the payload for long-term persistence;

modules: not enabled;

timeout: not enabled.

Downloading the payload from the C&C server is done through a request to the "download API", as shown in the following figure:

Figure 11. Downloading payload from C&C

In Conclusion

The downloader Trojan Buer has appeared frequently in various recent malicious campaigns, and the malware delivered as its second-stage payload has included Dreambot, TrickBot, KPOT, Amadey, and Smoke Loader.

This new downloader Trojan has powerful geolocation and anti-analysis functions, and is currently being sold in the dark web market. Given the ads on the dark web market and the hard-coded language codes, its developers are thought most likely to come from countries where the mother tongue is Russian.

Wednesday, 18 December 2019

List price $ 400! Discover the downloadable Trojan virus "Buer" on the Dark Web

Cyber security company Proofpoint recently published a statement that a new downloader Trojan called "Buer" has grown to a level comparable to its older predecessor "Smoke Loader" and has accumulated a large number of loyal fans in the dark web market.

Darknet Advertising and Features Overview

It is said that Proofpoint originally found Buer on August 28 this year. At the time, it was mainly used by some attackers to download and run Dreambot (a variant of the banking Trojan Ursnif).


 Figure 1. Example of Microsoft Word attachment with Buer

After searching on the dark web, Proofpoint quickly discovered Buer's sales ads.

Buer is priced at $400, and the price includes installation services, which means that the buyer only needs to pay: it is up to the seller to install Buer on the target computer and ensure normal operation.

Not only that, the seller also said that subsequent updates and bug fixes are all free, but a "new address" requires a $25 surcharge.

Figure 2. Buer's sales advertisement

 The advertisement also listed Buer's control panel functions, and pointed out that the modular Bot was written entirely in C and used a control panel written in .NET Core.

All in all, the seller wants to emphasize that due to the choice of programming language, both the client and server of Buer have higher performance.

Figure 3. The login page of the Buer control panel

According to the description, the total size of the Buer client is between 55 and 60KB, it can be run in memory as a Windows executable file or a dynamic link library, and it is compatible with both 32-bit and 64-bit Windows operating systems.

It is worth mentioning that the malware is set not to run on computers in CIS countries (former Soviet Union countries, such as Russia).

As mentioned above, since the control panel is written in .NET Core, it can be easily installed on Ubuntu / Debian Linux systems.

The control panel provides a large amount of statistical information, including the number of online / active / offline / total infected hosts, real-time updates of the infected host list, and file download counters. It also supports filtering infected hosts by operating system type, access permissions, and number of logical CPU cores.



Figure 4. Infected host statistics page of Buer dashboard



Figure 5. Filter display page of the Buer control panel (filter by "Microsoft Windows")



Figure 6. Task creation page of Buer dashboard


To be continued in my next blog post, where I will show you the malware analysis and command and control (C&C).



