ALERT! Very Active PHISHING CAMPAIGN still alive targeting Dropbox Users

I received the link via e-mail but also found it online through some redirects and a dropbox typeo domain name. The images and page look spot on ….but if you look at the URI like you should you’ll notice right away we got some problems here! http://glabalinvestment.tk/cost/DROP1/casts/ The campaign is stealing your Gmail, Yahoo, MSN, … Read more

BLACKHAT BLACK HAT 2016 USA VEGAS BRIEFING – HORSE PILL: A NEW TYPE OF LINUX ROOTKIT

Location:  South Seas CDF Date: Thursday, August 4 | 12:10pm-1:00pm Format: 50 Minute Briefing Tracks: Malware Platform Security: VM, OS, Host and Container What if we took the underlying technical elements of Linux containers and used them for evil? The result a new kind rootkit, which is even able to infect and persist in systems with … Read more

Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs

Ransomware is nothing new, since 2012 it has been wreaking havoc on the world. The TTPs for delivering and infecting victims has changed over the years but the end goal remains the same, give me your money or you’ll never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more

CERBER Ransomware Hidden C2 Servers Traffic and Malware Analysis

Cerber ransomware has been one of the most prolific crimeware botnets to have arisen, it is currently generating an estimated $2.5 million dollars a year and rising. Once infected, your content is encrypted and held for ransom as the name implies. You will see an image popup with instructions on how to reclaim your data … Read more

Malspam E-mail Leads to Ransomware Cerber/Zerber Infection TRAFFIC SAMPLE

Example of files that were encrypted and protected: The domain name ftoxmpdipwobp4qy.joa688.top was NX and not required for the purchase process. 2016-12-16 01:29:05.256362 IP 192.168.1.102.50104 > 72.167.232.152.80: Flags [P.], seq 0:303, ack 1, win 256, length 303: HTTP: GET //up1/1/4fv3b5.exe HTTP/1.1E..W..@……..fH……P.n……P…….GET //up1/1/4fv3b5.exe HTTP/1.1Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; … Read more