BLOG
Category: Malware
Cyber Threat Intelligence Malware Research ThreatStream
A Timeline of APT28 Activity
APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...
Read More
Cyber Threat Intelligence Malware Research
Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since original publication in 2014, the Framework, although voluntarily for the private sector and enterprise, has been widely adopted across the globe. Research by NIST...
Read More
The Rise of Malware Using Legitimate Services for Communications
Malware often includes the ability to communicate with attacker controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities.Some examples of this communication include:Receive “heartbeats” to maintain an inventory of compromised systems
Send Remote control commands and receive the results...
Read More
Cyber Threat Intelligence Malware Research
12 Days of Threats
On the first day of Christmas a hacker stole from me,
Thousands in my favorite cryptocurrency…
On the second day of Christmas a hacker stole from me,
Two plain-text passwords and thousands in my favorite cryptocurrency...We’re sure by now you’ve heard too much Christmas...
Read More
Anomali Enterprise Cyber Threat Intelligence Malware SIEM ThreatStream
What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Enterprise
A few months ago I wrote a post detailing how Anomali Enterprise helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!).Since writing that post, my router has generated millions of logs...
Read More
How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground
By Vitali Kremez, Flashpoint and Travis Farral, AnomaliIt’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...
Read More
Hacker Tactics - Part 2: Supply Chain Attacks
Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.On June 27th, 2017, the NotPetya malware campaign initiated in Ukraine and rapidly spread around the globe. NotPetya devastated...
Read More
Hacker Tactics - Part 1: Domain Generation Algorithms
Coauthored by Evan Wright and Payton BushAdversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.What are DGAs?DGAs are code that programmatically produce a list...
Read More
Malware Weekly Threat Briefing
WTB: US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
The intelligence in this week’s iteration discuss the following threats: APTs, Cybercriminals, Data leaks, Exploit kits, Malspam, Malware, Mobile, Ransomware, Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsUS Arrests...
Read More
Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali Threatstream
By Mark Arena, Intel 471 and Travis Farral, AnomaliWe’ve all seen the research into Fancy Bear (aka APT28, Sofacy etc) which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive.Typical...
Read More
How Threat Hunting Can Help Defend Against Malware Attacks
By Kris Merritt (Vector8) and Justin Swisher (Anomali)Since the outbreak of Petya some days ago many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...
Read More
Petya (NotPetya, Petrwrap)
DetailsA malware strain that appears to be based off of the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...
Read More
Ukraine hit hard as Petya Ransomware Variant Spreads around the world
[updated 6/28/2017 1:29pm ET] We will be updating this page with additional information. Please check back for the latest.While initial reports have only centered on the Ukraine being hit by a new stream of ransomware known as Petya, this is a global attack. Just like WannaCry, this might be leveraging...
Read More
Ransomware- A Tech or Human Problem?
If you hadn’t heard of ransomware before WanaCry, you’ve heard of it now. Ransomware is a specially designed piece of malware that blocks a user's access to their files or even to the system itself. It is able to bypass many security controls because its...
Read More
Malware Research Threat Intelligence Platform
Decreasing Dwell Time - How Long Intruders Go Undetected
The evaluation of technical threat intelligence data is a nascent art. When evaluating Indicator sources many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of True Positive alerts generated by the IoCs compared to the...
Read More
Cyber Threat Intelligence Malware Research Threat Intelligence Platform
SymHash: An ImpHash for Mach-O
In the past the Windows Portable Executable (PE) format has been analyzed far and wide due to the historical large scale adoption of the platform. In contrast the Mach-O binary format (executable file format used by MacOS X, IOS, and other Mach based systems) has received much less attention. This...
Read More
10 Malware Facts Corrected
Discovering that a terminal on your network has been infected with a malicious program is, at the very least, an inconvenience and more often than not results in loss of productivity and a costly cleanup process. For large-scale organizations, malware can lead to a catastrophic data breach or loss of...
Read More
The Aftermath of a Malicious Python Script Attack
Movies depict hacking as a dramatic struggle to overtake an adversary, often with little attention paid to how all the collateral damage is addressed. So, in the event of a large scale cyber-security event, what really goes on afterward? Moving on after a coordinated attack has been successfully used against...
Read More
How Do the Dangers of Malware Affect SMEs?
Stories about high profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result in a breach. However, small businesses account for 54% of all sales in the US. The narrative warning of hackers who target businesses would...
Read More
Are You At Risk Of Python Malware?
What is Python? Not all Python programs are viruses. Python is a programming language that is used to create all sorts of applications.Python code requires another application, PyInstaller to open and execute its instructions. Python malware is often packaged complete with all of its dependencies and with PyInstaller as...
Read More
