Threat Actor – APT28

''

Overview APT28 is a recognized state-sponsored threat actor operating out of Russia. Nefarious efforts and known exploits conducted by ATP28 (Advanced Persistent Threat) have been tracked as early as 2007 by various cyber-security experts in the field. The following information will outline the worldwide cyber warfare attacks that have been […]

EternalBlue & DoublePulsar – NSA Equation Group Breakdown

''

WANNACRY Overview  May 12th marked one of the largest cyber-security breaches in history. With the onset of a ransomware strain titled ‘WannaCry’ several variants have since  been re-engineered and introduced into the wild. Our crew of Threat Intelligence Researchers, Incident Response Team, and Security Operations Center personnel have diagnosed of […]

WannaCry Malware Sample Analysis

''

Overview The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain […]

Dridex – v4

''

Author: Cody Mercer – Senior Threat Intelligence Research Analyst Executive Overview A newly discovered modified version of Dridex, now termed ‘Dridex v4’, has been recognized in the wild in recent days. The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally […]

Enhanced Threat Awareness Proposition

''

Author: Cody Mercer, Senior Intelligence Threat Researcher Network threat attack vectors continually advance in diversity and complexity. Attacks supplied through advanced persistent threats (APT) now spread very quickly and on a larger scale. Various IOT devices and other assets to include mobile/hand-held devices, desktops, bare-metal networks, web applications, and social […]