But Java 8 provides an Optional, so let’s use it! Optional optional = Next, pre Java 8, we could always use a null check as seen above. Person person = (Person::named, "Mary Smith") Thus, the code throws a NullPointerException. When we call detectWith, person gets set to null as we couldn’t find anyone that satisfied the predicate. See the code example below (taken from our kata tutorial materials): Person person = (Person::named, "Mary Smith") Assert.assertEquals("Mary", person.getFirstName()) Assert.assertEquals("Smith", person.getLastName()) Instead of returning the element or null, it returns an Optional which is then left to the user to handle. Thus, in 8.0 we introduced detectWithOptional(). If it does not find any element, it returns null. detectWith accepts a Predicate argument and returns the first element in the collection that satisfies that condition. So, where can we use this in Eclipse Collections? tectWith() is a perfect fit. Basically, Optional helps protect us from NullPointerExceptions by forcing us to handle potentially null items. If a value is present, isPresent() will return true and get() will return the value". From the Javadoc, "A container object which may or may not contain a non-null value. Optional is one of the most popular new features for Java 8. Now, starting with Eclipse Collections, we have made the design decision to be compatible with Java 8+ in order to start leveraging some of the cool Java 8 features in our own codebase. Eclipse Collections was compatible with Java 8, but it did not use or embrace it. You could also use Java 8 and leverage lambdas and method references when using the rich API, and in fact it worked quite well. But that’s all you really got. Prior to the Eclipse Collections release, EC was compatible with Java versions 5 - 7. We have a list of people (type Person), each person can have a list of Pets, and each pet is of a certain PetType enum. 
The Domain Before we dive into any details or code examples, let’s walk through the domain that we will use in this article for our code snippets. If you’d like some good introductory literature, take a look at Donald Raab’s InfoQ articles, "GS Collections By Example" part I and part II. In 2015, it was migrated to the Eclipse foundation, and since then, all active development for the framework was done under the Eclipse Collections name and repository. It was developed internally at Goldman Sachs for 10 years before being open sourced in 2012 as GS Collections. Eclipse Collections also has a full complement of primitive containers. It has JDK-compatible List, Set and Map implementations with a rich API, as well as additional types not found in the JDK such as Bags, Multimaps and BiMaps. 30 Second Introduction – What is Eclipse Collections? Eclipse Collections is a drop in replacement for the Java Collections framework.
lnk file will download an MSI file from the url hxxp://91.234.33.108/u3/ebe9c1f5e5011f667ef8990bf22a38f7/document.msi, and from there, the attack is pretty similar as the one performed in OP#1. ПОСТАНОВЛЕНИЕ № 583-НС.zip contains a lnk file as well as the previous pdf. "On Amendments to the Law of the Luhansk People's Republic Of the Luhansk People's Republic dated MaNo 417-PZ / 21-3 On consideration in the second reading of the draft law The lure in this case was themed about Luhansk: A valid translation of this document would be: How attackers sent this file to victims is still unknown. We believe that the attack started with this zip file named ПОСТАНОВЛЕНИЕ № 583-НС.zip. After applying that conversion to the file, we can see that this file is what we called DBoxShell (also called PowerMagic by Kaspersky): DBoxShell variant used in OP#1 OP#2 - April 2021 Iesync.so and iesync.vbs were dropped as part of OP#1 infection phase After that, the iesync.vbs file will apply a XOR operation to iesync.so. That file will drop two files named iesync.so and iesync.vbs. So finally, cachelib.dll will be executed. The content is encoded using base64: Contents of zip file and detail of shortcut.vbs In the background, this MSI file will execute a. This first MSI file, when executed, will show the following error to the user: Although the infection chain is similar to what was already reported, the attackers were using a slightly different process back in 2020: An MSI file is downloaded from hxxp://91.234.33.185/f8f44e5de5b4d954a83961e8990af655/update.msi. The first operation we know of happened in December 2020. Notes about activity before the war OP#1 - Late 2020 However, the actor's tactics, techniques, and procedures (TTPs) are very distinctive, which gives us a high level of confidence in our attribution. Since our investigation started in September 2022, information about the initial campaigns has been limited. 
The next infographic shows some of the operations recognized by us: Malwarebytes has identified multiple operations, first dated in 2020. However, this was not the only activity carried out by the group. In fact, this is the attack that Kaspersky analyzed in its blog. Our investigation started in September 2022, when one of our former coworkers Hossein Jazi discovered an interesting lure, that seemed to target some entities over the war context: Depending on the campaign, attackers managed to exfiltrate snapshots, USB drives, keyboard strokes, and microphone recordings. Finally, we will reveal unknown scripts and malware run by the group in this report. Military, transportation and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums. Additionally, we will provide insights into the latest campaigns performed by Red Stinger, where we have found that the group has targeted entities in different places of Ukraine. We have identified attacks from the group starting in 2020, meaning that they have remained under the radar for at least three years. Our investigation could be helpful to the community as we will provide new undisclosed data about the group. Now that the existence of this group is public, we will also share some of our information about the actor and its tactics. This investigation remained private for a while, but Kaspersky recently published information about the same actor (who it called Bad Magic). Moreover, we started tracking the actor behind it, which we internally codenamed Red Stinger. While looking for activities from the usual suspects, one of our former coworkers at Malwarebytes Threat Intelligence Team discovered a new interesting lure that targeted the Eastern Ukraine region and reported that finding to the public. Given this context, it would not be surprising that the cybersecurity landscape between these two countries has also been tense. 
While the official conflict between Russia and Ukraine began in February 2022, there is a long history of physical conflict between the two nations, including the 2014 annexation of Crimea by Russia and when the regions of Donetsk and Luhansk declared themselves independent from Ukraine and came under Russia's umbrella. This blog post was authored by Malwarebytes' Roberto Santos and Fortinet's Hossein Jazi