3 min
Malware
Malware and Advanced Threat Protection: A User-Host-Process Model
In today's big data and data science age, you need to think outside the box when
it comes to malware and advanced threat protection. For the Analytic Response
team at our 24/7 SOC in Alexandria, VA, we use three levels of user behavior
analytics to identify and respond to threats. The model is defined as
User-Host-Process, or UHP. Using this model and its supporting datasets allows
our team to quickly neutralize and protect against advanced threats with a high
confidence rate.
What is the User-
3 min
Malware
Ransomware FAQ: Avoiding the latest trend in malware
Recently, a number of Rapid7's customers have been evaluating the risks posed by
the swift rise of ransomware as an attack vector. Today, I'd like to address
some of the more common concerns.
What is Ransomware?
Cryptowall [http://www.theregister.co.uk/2015/11/09/cryptowall_40/] and
Cryptolocker [https://www.us-cert.gov/ncas/alerts/TA13-309A] are among the
best known ransomware criminal malware packages today. In most cases, users are
afflicted by ransomware by clicking on a phishing link o
2 min
Malware
What Exactly is Duqu 2.0?
Overview:
Duqu, a very complex and modular malware platform thought to have gone dark in
late 2012, has made its appearance within the environment of Kaspersky Labs.
[https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237]
Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware
represents the high level of sophistication, skill, funding and motivation seen in
nation-sponsored actors. Infections related to this malware have reveale
9 min
Malware
ByeBye Shell and the Targeting of Pakistan
Asia and South Asia are a theater for daily attacks and numerous ongoing
espionage campaigns between neighboring countries, so many that it's
hard to keep count. Recently I stumbled on yet another one, which appears to
have been active since at least the beginning of the year, and seems mostly
directed at Pakistani targets.
In this article we're going to analyze the nature of the attacks, the
functionality of the backdoor - here labelled as ByeBye Shell - and the quick
interaction I h
15 min
Malware
Skynet, a Tor-powered botnet straight from Reddit
While wandering through the dark alleys of the Internet we encountered an
unusual malware artifact, something we had never observed before and that kept
us entertained while we meticulously dissected it late into the night.
The more time we spent looking at it, the more it started to look unusually
familiar. As a matter of fact, it turned out to be the exact same botnet that an
audacious Reddit user of possible German origin named “throwaway236236”
described in a very popular I Am A thread you can read here
[
13 min
Malware
Analysis of the FinFisher Lawful Interception Malware
It's all over the news once again: lawful interception malware discovered in the
wild being used by government organizations for intelligence and surveillance
activities. We saw it last year when the Chaos Computer Club unveiled a trojan
being used by the federal government in Germany, WikiLeaks released a collection
of related documents in the Spy Files, we read about an alleged offer from Gamma
Group to provide the toolkit FinFisher to the Egyptian government, and we are
reading once again now
4 min
Malware
Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity
That's right, the much anticipated and long awaited 0.4 release is finally here!
Just like divas arrive late at the gala, we took some more time than expected,
but are now worthy of a triumphant entrance.
If you're not familiar with Cuckoo Sandbox, it's an open source solution for
automating malware analysis.
What does that mean? Simply that you can throw any suspicious file at it and
after a few seconds it will give you back detailed information on what that file
does when executed inside a