<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: malware

ThreatSTOP Free Open Source Analysis Tools Series. Part 6: Guildma Information Stealer Use Case

 

Earlier this month, a new variant of the Guildma information stealer was analyzed by the Internet Storm Center (ISC). The malware’s new campaign has been seen targeting various countries in South America, with the highest number of infections recorded in Brazil. It seems that Guildma is spreading quickly, with another recent campaign reaching over 150,000 infection attempts in a matter of weeks.

Read More

Share this:

ThreatSTOP Free Open Source Analysis Tools Series. Part 4: Enrichments & Connecting the Dots

 

Making connections and finding new indicators is an important part of IOC analysis, and is probably the most enjoyable part as well. Blog posts and reports on new threats will usually mention the indicators seen to be used by the specific malware sample or attack vector analyzed, yet in many cases there is a larger malicious infrastructure behind them just waiting to be uncovered (and blocked!). Sometimes, a whole other malicious infrastructure can be revealed by examining IOCs related to malicious IPs and domains. There are a variety of tools out there that can help analysts investigate indicators of compromise and their infrastructure, and perform enrichment to shed light on related, malicious IOCs.

In this post, we will review some of our Security Research Team’s favorite connection and enrichment platforms.

 

Read More

Share this:

Getting Real (SMB) Value From Threat Intelligence

You’ve probably heard of Threat Intelligence, it's all the rage and all the cool kids are doing it… where’ve you been? Threat Intelligence, or “TI,” is everywhere and in everything, and it can be cool, but it can also be slippery and confusing and complex and a huge waste of time and resources depending on what you do (or don’t do) with it. In this post, we’re going to make a bunch of snarky statements about Threat Intelligence, and we’re going to spill the tea on how you (as a small or medium sized business) can use it and actually get some security value in return.

Read More

Share this:

Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements: What You Need to Know

 

A few months ago, JasperLoader (a new malware loader) emerged, infecting systems with various malware payloads, such as the Gootkit Banking Trojan. After a short, initial campaign, the threat actors behind the malware halted their activity and JasperLoader went off the radar for a while. However, since late May, a new and upgraded version of JasperLoader has been spotted infecting machines across Europe.

Read More

Share this:

Timeline: LokiBot Trojan Surges with Malspam Campaigns Targeting Windows-Running Machines

LokiBot is a banking Trojan, crypto-miner and info-stealer, with versions running on both Windows and Android operating systems. The malware can also transform in to ransomware on mobile devices, if victims try to remove it from the device.

Read More

Share this:

Why You Need to Block the Threat Factory. Not Just the Threats.

 

Cyber criminals will create roughly 100 million new malware variants over the next 12 months. Security vendors will respond with new malware signatures and behaviors to stop them, but thousands of companies will be victimized in the process, experiencing costly or catastrophic breaches. This isn’t new - it’s a cycle.

Read More

Share this:

These Factors MUST Work For Every Successful Ransomware Attack. DNS is Always Involved.

A government agency that found itself infected with ransomware and having to pay the ransom to restore service. Another local agency has opted not to pay the ransom and restore operations. Ransomware targeted at organizations is still a threat and even with backups, you have a highly disruptive and public event to try to get back online that comes with serious costs and potentially lost revenue.

Read More

Share this:

Torii: The New IoT Botnet You Might Need to Start Worrying About

An extremely sophisticated IoT botnet has recently been discovered and dubbed “Torii.” One of Torii malware’s many advanced capabilities is running on just about every type of smartphone, computer and tablet, with over 100 malware variants supporting over 15 different architectures.

Read More

Share this:

John Bambenek Speaking at Infragard Symposium: A Primer on Cyber Security Intelligence & the Need For Threat Sharing

Read More

Share this:

Webcast with John Bambenek: Dangerous Lessons Learned from 2018's Healthcare Breaches

Read More

Share this:

Home Page

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter