Malware

More from DarkSide? We Ran an Analysis of Additional Identified Artifacts

On 14 May 2021, Analyst1 security researchers released a detailed report on the DarkSide cybercriminal gang, which is believed to be responsible for ransomware attacks targeting the Colonial Pipeline. The report included several indicators of compromise (IoCs), specifically 41 malware hashes, two domains, and three IP addresses.

ZeuS, Still Alive and Kicking in the Form of Jabber ZeuS?

ZeuS malware traces its origin as far back as 2006, when it was used to steal victims' online banking credentials. In 2011, its source code was leaked on a file-sharing site and quickly spread throughout various underground fora.

SideWinder DNS Blackholes Uncovered with Threat Intelligence Platform

A Domain Name System (DNS) blackhole is essentially a DNS server that gives false results for domain names. It is also known as a "sinkhole server," an "Internet sinkhole," or a "DNS sinkhole." Threat actors sometimes use DNS blackholes to redirect users to potentially harmful sites or pages.

Given a Malicious Email Address, What Can You Discover with Maltego’s WhoisXML API Transforms?

On any given day, most of us get more emails that we won't read than those that we would. Many of these messages will remain unread and be sent to the trash. Then there is a third category of emails: those we wish we hadn't read and acted upon because they are bound to be malicious, sent by cybercriminals trying to lure us into one of their scams.

How Reverse IP Lookup API Can Help Detect Connected Domains

In 2020, reports say 94% of malware was delivered via email. Phishing remains a threat, as it accounts for more than 80% of security incidents that can cost victims almost US$18,000 per minute.

Gathering Context Around Emotet, Trickbot, and Dridex C&C Servers with Bulk IP Geolocation

Dridex, Trickbot, and Emotet are banking Trojans that have enabled cybercrime groups to steal hundreds of millions of dollars from their victims. These malware families have evolved over the years, and just recently, Emotet was seen using stolen attachments to make its spam emails more credible.

How Cyber Threat Intelligence Feeds Can Support MSSPs

Organizations that don't have a dedicated pool of cybersecurity experts often hire managed security service providers (MSSPs) to help them ward off attempts and attacks. Yet in today's ever-dangerous cyber threat landscape, even the best service providers may fall for cybercriminals' traps.

What Cyber Threat Intelligence Tools Can Reveal about a Targeted Attack

Targeted attacks are considered insidious digital threats as they may lead to debilitating data breaches with substantial financial repercussions. Apart from money lost to theft, victims may shed even more resources as they face expensive lawsuits, hefty fines, and settlements for failing to comply with data privacy regulations in addition to reputational damage.

Threat Intelligence: The First Line of Defense Against Data-Stealing Ransomware

The threat landscape is ever-changing. As time goes by, threat campaigns use new and more sophisticated technologies than seen before. Still, some reuse tried-and-tested methods while adding a few other functionalities, as in the case of FTCODE ransomware operators.

Using Threat Intelligence Feeds to Prevent Orcus RAT Infections

John Paul Revesz (also known as "Armada"), the Canadian behind the Orcus RAT (software that has been used in various malware attacks), was charged under Section 342.1 of the Criminal Code on November 8. That section covers the unauthorized use of a computer, and at its core, this is what Revesz's Orcus software does.