
Author Archives: akaploun

Recent Posts

ThreatSTOP Introduces New Targets From Bambenek Consulting Feeds

Several new malware families have recently appeared on the Bambenek Consulting feeds and are now also tracked by ThreatSTOP. These malware families differ both in how they operate and in whom they target.

ThreatSTOP Adds Nao_Sec Targets to Protect Against Drive-By Attacks

Nao_sec provides cyber security research dedicated to Exploit Kits. In campaigns that use Exploit Kits, landing pages carrying malicious code attempt to exploit a specific vulnerability on the victim's device.

ThreatSTOP Adds Support for DShield Collaborative 404 Error Page Reporting

DShield has a project called the 404Project. The goal of the project is to track attackers looking to compromise web pages.

To do this, they've started selling a Raspberry Pi honeypot to hook into your network. The alternative is to embed one of a selection of code snippets into your website's 404 error page. These honeypots track hits on the 404 page. Attackers generate these hits when scanning for vulnerable utilities common to various web hosts. When the 404Project detects these scans, it records the attacker's IP and uploads it to DShield.

New Sources for Forum Spam Targets

Forums are a useful tool for any corporation, community or association. Much like e-mail spam targets personal and corporate accounts, spambots target all types of forums for marketing or malicious activity.

Hancitor/Chanitor Downloader - You've Got Malspam

Hancitor Downloader has seen many campaigns this year. Malware-Traffic-Analysis, a security research blog operated by Brad Duncan, has published over 40 related articles since the beginning of 2017. Each article covers malspam delivering the downloader, with no sign of the campaigns wavering.

Remember Emotet Malware? It's Back.

Emotet (also Geodo, Feodo) is a banking trojan (discovered by Trend Micro in 2014) that targeted German and Austrian banking clients. In 2015, Kaspersky published findings of a variant targeting Swiss banking clients. Differences in this version included a new public RSA key (replacing the previous one) and the removal of comments and debugging information from the Automatic Transfer System (ATS) script. This script enabled the automatic transfer of funds from the infected user's bank account to the cyber criminal's.

ZeroT Dropping PlugX RAT: Another Day, Another APT

A cyber group attributed to Chinese APT activity has used the downloader ZeroT since February 2016, as reported by Proofpoint in 2017.

Zloader/Terdot – That Man in the Middle

The ZeuS malware family was first seen in July 2007 and is the poster child for long-lasting bots. Zbot, one of the aliases of ZeuS, has a familial relation to Terdot. When ZeuS's source code leaked in 2011, bad actors jumped at the chance to extend its capabilities to fit their campaigns. One of these offspring was Terdot. MalwareBytes has made a study of the ZeuS family and has noted a recent increase in Terdot/Zloader infections.

El Machete Malware is Still "Sharp"

In the rapid cycle of rise and disappearance of malware campaigns, only a few campaigns last for several years. One of these is the El Machete malware, which was first discovered by Kaspersky and is thought to have been active since 2010.

BankBot and BankBotAlpha – Banking Android Malware

BankBot is malware targeting Android OS. It has appeared in the Google Play Store in different forms, often impersonating the icons or names of well-known applications.
