GoldenEye & NoPetya Attack

''

Executive Overview Believed to be a modified version of the once successful Petya ransomware, NoPetya seems to be a variant to the GoldenEye ransomware family with source code structuring nearly identical after initial analysis. Unlike its predecessors WannaCry and Petya, GoldenEye incorporates multiple encryption points on its compromised systems. Not […]

EternalBlue & DoublePulsar – NSA Equation Group Breakdown

''

WANNACRY Overview  May 12th marked one of the largest cyber-security breaches in history. With the onset of a ransomware strain titled ‘WannaCry’ several variants have since  been re-engineered and introduced into the wild. Our crew of Threat Intelligence Researchers, Incident Response Team, and Security Operations Center personnel have diagnosed of […]

Apache Struts2 Remote Code Execution Vulnerability (S2-045)

''

Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details, […]

“Shifu” Banking Trojan – Technical Analysis and Recommendations

''Trojan Horse

Overview The banking Trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and re-emerged in Britain compromising […]