BLOG

Category: Malware

Tags: Cyber Threat Intelligence, Malware, Research, ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, Pawn Storm, Sednit, Sofacy, Group 74, Strontium, Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...


Tags: Cyber Threat Intelligence, Malware, Research

Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since its original publication in 2014, the Framework, although voluntary for the private sector and enterprise, has been widely adopted across the globe. Research by NIST...


Tags: Malware, Research

The Rise of Malware Using Legitimate Services for Communications

Malware often includes the ability to communicate with attacker-controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities. Some examples of this communication include: receive “heartbeats” to maintain an inventory of compromised systems; send remote control commands and receive the results...


Tags: Cyber Threat Intelligence, Malware, Research

12 Days of Threats

On the first day of Christmas a hacker stole from me, Thousands in my favorite cryptocurrency… On the second day of Christmas a hacker stole from me, Two plain-text passwords and thousands in my favorite cryptocurrency... We’re sure by now you’ve heard too much Christmas...


Tags: Anomali Enterprise, Cyber Threat Intelligence, Malware, SIEM, ThreatStream

What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Enterprise

A few months ago I wrote a post detailing how Anomali Enterprise helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!). Since writing that post, my router has generated millions of logs...


Tags: Malware, Research

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

By Vitali Kremez, Flashpoint and Travis Farral, Anomali

It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...


Tags: Malware

Hacker Tactics - Part 2: Supply Chain Attacks

Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. On June 27th, 2017, the NotPetya malware campaign initiated in Ukraine and rapidly spread around the globe. NotPetya devastated...


Tags: Anomali Enterprise, Malware

Hacker Tactics - Part 1: Domain Generation Algorithms

Coauthored by Evan Wright and Payton Bush

Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. What are DGAs? DGAs are code that programmatically produces a list...


Tags: Malware, Weekly Threat Briefing

WTB: US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks

The intelligence in this week’s iteration discusses the following threats: APTs, Cybercriminals, Data leaks, Exploit kits, Malspam, Malware, Mobile, Ransomware, Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: US Arrests...


Tags: Malware, ThreatStream

Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali ThreatStream

By Mark Arena, Intel 471 and Travis Farral, Anomali

We’ve all seen the research into Fancy Bear (aka APT28, Sofacy etc) which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive. Typical...


Tags: Malware, Research

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali)

Since the outbreak of Petya some days ago many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...


Tags: Malware, Research

Petya (NotPetya, Petrwrap)

A malware strain that appears to be based on the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...


Tags: Malware, Research

Ukraine hit hard as Petya Ransomware Variant Spreads around the world

[updated 6/28/2017 1:29pm ET] We will be updating this page with additional information. Please check back for the latest. While initial reports have centered only on Ukraine being hit by a new strain of ransomware known as Petya, this is a global attack. Just like WannaCry, this might be leveraging...


Tags: Malware, Research

Ransomware - A Tech or Human Problem?

If you hadn’t heard of ransomware before WannaCry, you’ve heard of it now. Ransomware is a specially designed piece of malware that blocks a user's access to their files or even to the system itself. It is able to bypass many security controls because its...


Tags: Malware, Research, Threat Intelligence Platform

Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating indicator sources, many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based on the number of true positive alerts generated by the IoCs compared to the...


Tags: Cyber Threat Intelligence, Malware, Research, Threat Intelligence Platform

SymHash: An ImpHash for Mach-O

In the past the Windows Portable Executable (PE) format has been analyzed far and wide due to the platform's historically large-scale adoption. In contrast, the Mach-O binary format (the executable file format used by Mac OS X, iOS, and other Mach-based systems) has received much less attention. This...


Tags: Malware

10 Malware Facts Corrected

Discovering that a terminal on your network has been infected with a malicious program is, at the very least, an inconvenience and more often than not results in loss of productivity and a costly cleanup process. For large-scale organizations, malware can lead to a catastrophic data breach or loss of...


Tags: Malware

The Aftermath of a Malicious Python Script Attack

Movies depict hacking as a dramatic struggle to overtake an adversary, often with little attention paid to how all the collateral damage is addressed. So, in the event of a large scale cyber-security event, what really goes on afterward? Moving on after a coordinated attack has been successfully used against...


Tags: Malware

How Do the Dangers of Malware Affect SMEs?

Stories about high-profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result from a breach. However, small businesses account for 54% of all sales in the US. The narrative warning of hackers who target businesses would...


Tags: Malware

Are You At Risk Of Python Malware?

What is Python? Not all Python programs are viruses. Python is a programming language that is used to create all sorts of applications. Python code requires another application, PyInstaller, to open and execute its instructions. Python malware is often packaged complete with all of its dependencies and with PyInstaller as...

