GoldenEye & NoPetya Attack

''

Executive Overview Believed to be a modified version of the once successful Petya ransomware, NoPetya seems to be a variant to the GoldenEye ransomware family with source code structuring nearly identical after initial analysis. Unlike its predecessors WannaCry and Petya, GoldenEye incorporates multiple encryption points on its compromised systems. Not […]

Threat Actor – APT28

''

Overview APT28 is a recognized state-sponsored threat actor operating out of Russia. Nefarious efforts and known exploits conducted by ATP28 (Advanced Persistent Threat) have been tracked as early as 2007 by various cyber-security experts in the field. The following information will outline the worldwide cyber warfare attacks that have been […]

EternalBlue & DoublePulsar – NSA Equation Group Breakdown

''

WANNACRY Overview  May 12th marked one of the largest cyber-security breaches in history. With the onset of a ransomware strain titled ‘WannaCry’ several variants have since  been re-engineered and introduced into the wild. Our crew of Threat Intelligence Researchers, Incident Response Team, and Security Operations Center personnel have diagnosed of […]

WannaCry Malware Sample Analysis

''

Overview The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain […]