Category: Malware

Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating Indicator sources many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of True Positive alerts generated by the IoCs compared to the...

SymHash: An ImpHash for Mach-O

In the past the Windows Portable Executable (PE) format has been analyzed far and wide due to the historically large-scale adoption of the platform. In contrast, the Mach-O binary format (the executable file format used by Mac OS X, iOS, and other Mach-based systems) has received much less attention. This...

10 Malware Facts Corrected

Discovering that a terminal on your network has been infected with a malicious program is, at the very least, an inconvenience and more often than not results in loss of productivity and a costly cleanup process. For large-scale organizations, malware can lead to a catastrophic data breach or loss of...

The Aftermath of a Malicious Python Script Attack

Movies depict hacking as a dramatic struggle to overtake an adversary, often with little attention paid to how all the collateral damage is addressed. So, in the event of a large scale cyber-security event, what really goes on afterward? Moving on after a coordinated attack has been successfully used against...

How Do the Dangers of Malware Affect SMEs?

Stories about high-profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result from a breach. However, small businesses account for 54% of all sales in the US. The narrative warning of hackers who target businesses would...

Are You At Risk Of Python Malware?

What is Python? Not all Python programs are viruses. Python is a programming language that is used to create all sorts of applications. Python code requires another application, PyInstaller, to open and execute its instructions. Python malware is often packaged complete with all of its dependencies and with PyInstaller as...

Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks

Five new additional pieces of malware code have been discovered that contain unique portions of code related to the SWIFT attacks. Recently, malware analysts at Symantec discovered two subroutines that were shared between North Korea's Lazarus group's Operation Blockbuster malware and two samples of malware from the recent...

Anomali Labs: Evidence of a New Framework POS Campaign

The Anomali Labs research team has come across a new FrameworkPOS campaign that seems to be slowly picking up. Although this campaign is not as big as the former ones found during our initial research, it still gives us clues about how active the actors behind this activity are. Samples observed during...

Three Month FrameworkPOS Malware Campaign Nabs ~43,000 Credit Cards from Point of Sale Systems

ThreatStream Labs came across an interesting FrameworkPOS sample that, although it is two months old, is digitally signed and whose certificate hasn't been revoked. FrameworkPOS is a malware family that targets POS (Point of Sale) terminals, and its main objective is to steal credit card data from them in...

Hell Forum Administrator Arrested and Charged for Credit Card Skimming

Following up on my blog post on TOR and I2P Intelligence Monitoring, we are closely tracking the arrest of the forum administrator who utilized the TOR network to hide his illegal activities. 33-year-old Ping, whose real name was outed by members of the Hell Forum,...
