GoldenEye & NoPetya Attack

''

Executive Overview Believed to be a modified version of the once successful Petya ransomware, NoPetya seems to be a variant to the GoldenEye ransomware family with source code structuring nearly identical after initial analysis. Unlike its predecessors WannaCry and Petya, GoldenEye incorporates multiple encryption points on its compromised systems. Not […]

WannaCry Malware Sample Analysis

''

Overview The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to test network connectivity. If the network is reachable the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain […]

Shamoon 2: Back On the Prowl

''

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on […]