BLOG

Category: Malware

Malware ThreatStream

Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali Threatstream

By Mark Arena, Intel 471 and Travis Farral, Anomali

We’ve all seen the research into Fancy Bear (aka APT28, Sofacy, etc.), which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive. Typical...


Malware Research

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali)

Since the outbreak of Petya some days ago, many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post-incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...


Malware Research

Petya (NotPetya, Petrwrap)

A malware strain that appears to be based on the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...


Malware Research

Ukraine hit hard as Petya Ransomware Variant Spreads around the world

[updated 6/28/2017 1:29pm ET] We will be updating this page with additional information. Please check back for the latest.

While initial reports have only centered on Ukraine being hit by a new strain of ransomware known as Petya, this is a global attack. Just like WannaCry, this might be leveraging...


Malware Research

Ransomware - A Tech or Human Problem?

If you hadn’t heard of ransomware before WannaCry, you’ve heard of it now. Ransomware is a specially designed piece of malware that blocks a user's access to their files or even to the system itself. It is able to bypass many security controls because its...


Malware Research Threat Intelligence Platform

Decreasing Dwell Time - How Long Intruders Go Undetected

The evaluation of technical threat intelligence data is a nascent art. When evaluating indicator sources, many focus on counting the number of indicators the source has. The next step in evaluating indicator sources is usually based upon the number of true positive alerts generated by the IoCs compared to the...


Cyber Threat Intelligence Malware Research Threat Intelligence Platform

SymHash: An ImpHash for Mach-O

In the past, the Windows Portable Executable (PE) format has been analyzed far and wide due to the historically large-scale adoption of the platform. In contrast, the Mach-O binary format (the executable file format used by Mac OS X, iOS, and other Mach-based systems) has received much less attention. This...


Malware

10 Malware Facts Corrected

Discovering that a terminal on your network has been infected with a malicious program is, at the very least, an inconvenience and more often than not results in loss of productivity and a costly cleanup process. For large-scale organizations, malware can lead to a catastrophic data breach or loss of...


Malware

The Aftermath of a Malicious Python Script Attack

Movies depict hacking as a dramatic struggle to overtake an adversary, often with little attention paid to how all the collateral damage is addressed. So, in the event of a large-scale cyber-security event, what really goes on afterward? Moving on after a coordinated attack has been successfully used against...


Malware

How Do the Dangers of Malware Affect SMEs?

Stories about high-profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result from a breach. However, small businesses account for 54% of all sales in the US. The narrative warning of hackers who target businesses would...


Malware

Are You At Risk Of Python Malware?

What is Python? Not all Python programs are viruses. Python is a programming language that is used to create all sorts of applications. Python code requires another application, PyInstaller, to open and execute its instructions. Python malware is often packaged complete with all of its dependencies and with PyInstaller as...


Cyber Threat Intelligence Malware

Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks

Five additional pieces of malware code have been discovered that contain unique portions of code related to the SWIFT attacks. Recently, malware analysts at Symantec discovered two subroutines that were shared between North Korea’s Lazarus group’s Operation Blockbuster malware and two samples of malware from the recent...


Cyber Threat Intelligence Malware Research SIEM

Anomali Labs: Evidence of a New Framework POS Campaign

The Anomali Labs research team has come across a new FrameworkPOS campaign that seems to be slowly picking up. Although this campaign is not as big as the former ones found during our initial research, it still gives us clues about how active the actors behind this activity are.

Samples observed: During...


Malware

Three Month FrameworkPOS Malware Campaign Nabs ~43,000 Credit Cards from Point of Sale Systems

Threatstream Labs came across an interesting FrameworkPOS sample: although it is two months old, it is digitally signed and its certificate hasn't been revoked. FrameworkPOS is a malware family that targets POS (Point of Sale) terminals, and its main objective is to steal credit card data from them in...


Malware

Hell Forum Administrator Arrested and Charged for Credit Card Skimming

Following up on my blog post on TOR and I2P Intelligence Monitoring, we are closely tracking the arrest of the forum administrator who utilized the TOR network to hide his illegal activities. 33-year-old Ping, whose real name was outed by members of the Hell Forum,...


Malware

SF/Bay Area Open Source Security Hackathon

It’s time again, folks: Threat Stream and AlienVault will be co-hosting the next Open Source Security Tool Hackathon. This time we are focusing on the highly popular malware identification tool YARA. YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you...


Malware

Adobe hit with new Targeted Attack (APT)

From Adobe’s blog:

“Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network,...

