Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs

Ransomware is nothing new, since 2012 it has been wreaking havoc on the world. The TTPs for delivering and infecting victims has changed over the years but the end goal remains the same, give me your money or you’ll never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more

JIGSAW Ransomware does not use C2 infrastructure and proving to be a lot harder to shut down then researchers originally thought

A new sample was released today courtesy of http://www.pcapanalysis.com which can be located at the reference linked at the bottom. The ransomware is currently being distributed mostly via malspam campaigns but was also observed being served up by the lord exploit  kit and links were found posted on hacked wordpress sites and forums for drive-by-download … Read more

Active Exploit Kits and their Evolution From Blackhole to Fallout and Spelevo Purple Fox Lord

In 2010 the crimeware scene became more profitable then ever and where as the main malware being used to generate revenue was FakeAV and scareware. It wasn’t as easy to infect a host until Paunch hit the scene and developed a way to use publicly available exploits as well as buying 0day exploits on the … Read more

Emissary Panda / TG-3390 / BRONZE UNION / APT27 / CVE-2019-0604 to exploit SharePoint servers AntSword & Awen Webshell

Associated Group Descriptions Name TG-3390 Emissary Panda BRONZE UNION APT27 Iron Tiger LuckyMouse CVE-2019-0604 to exploit SharePoint servers to gain initial access to targeted networks. We would like to acknowledge the possibility of an overlap in the AntSword webshell, as we stated that Emissary Panda used China Chopper in the April attacks and AntSword and … Read more

SideWinder APT Group Exploiting CVE-2019-2215 Google Play App Camero, FileCrypt Manager, and callCam

SideWinder advanced persistent threat (APT) group, report Trend Micro’s Ecular Xu and Joseph Chen in a blog post. Sidewinder, a group detected by Kaspersky Labs in the first quarter of 2018, primarily targets Pakistani military infrastructure and has been active since at least 2012. Security researchers believe the threat group is associated with Indian espionage … Read more

The Evolution of Hacking and Security – From Bindshells to Reverse Shells

So, if you read my previous post on what hacking was like in the mid 90’s to early 2000’s this post will be basically the polar opposite. The hacking game has drastically changed, the old wild wild west version of the internet has turned into cities and suburbs where hacking still takes place but there … Read more

Detailed Analysis of the processes and stages of an Exploit Kit – Java and IE exploited by Flashpack Web Based Kit

Here you can see the webpage that the hackers exploited (arksylhet.com/A67iD4eo/index.html) and inserted within that page an iframe which includes a link to a Javascript Redirect file 2012-09-18 22:41:42.001035 IP > Flags [P.], seq 1:395, ack 1, win 64240, length 394 E…*.@…….j.\+lF…P7_Z.X.X.P….?..GET /Lk1SsGQm/js.js HTTP/1.1 Host: web63.server77.publicompserver.de User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; … Read more

Malware Has Not Gone Away Like Some People Think

Cyber Security Analysts and Specialist alike have noticed a significant downward trend in the number of infections being reported. This doesn’t mean that the Crimeware bosses have packed up shop and gone legit. There are many contributing factors to the current number of infections. Reviewing many of the largest security solution providers logs and examining … Read more