IPv6 Fragmentation
Fragmentation has been a frequent source of security vulnerabilities in IPv4, and for good reason. With fragmented IPv4 packets, the layer 4 header information is not available in the second through...
Attack of the Shuriken: Many Hands, Many Weapons
A visual sample of Distributed Denial of Service (DDoS or DoS) attack tools & services compiled by Curt Wilson - Research Analyst, Arbor Networks ASERT There are a variety of popular Denial of...
DDoS Attacks on SSL: Something Old, Something New
SSL (or TLS) secures web services such as banking, online purchases, email and remote access. Popular services such as Twitter, Hotmail and Facebook are increasingly migrating to SSL to improve...
How to create a Full Packet Capture
Once you’ve decided that you’d like to start doing full packet capture, you may well ask how. Learn about the basic steps in performing full packet captures.
TrickBot Banker Insights
A new banking trojan, TrickBot, has seemingly risen from the ashes left behind by the November 2015 takedown of Dyreza/Dyre infrastructure and the arrests of threat actors identified by Russian...
Mirai IoT Botnet Description and DDoS Attack Mitigation
Since its inception in August of 2016, the Mirai ‘Internet-of-Things’ (IoT) botnet, comprised largely of internet-enabled digital video recorders (DVRs), surveillance cameras, and other...
Flying Dragon Eye: Uyghur Themed Threat Activity
This paper documents attempted exploitation activity aimed at Uyghur interests outside of China. Exploitation is being attempted...
FlokiBot: A Flock of Bots?
In early October, Flashpoint released an analysis of an underground forum advertisement for a new malware family known as FlokiBot. It took some time before a sample was found in the wild, but a...
Diving Into Buhtrap Banking Trojan Activity
Cyphort recently published an article about the Buhtrap banking trojan [https://www.cyphort.com/banking-malware-buhtrap-caught-action/], targeting users of Russian and Ukrainian banks as reported in...
Analysis of CryptFile2 Ransomware Server
This report describes several elements of a ransomware staging system using the Nemucod malware to deliver CryptFile2 (aka Hydracrypt.A and Win32/Filecoder.HydraCrypt.C) ransomware, an ongoing threat...
On the Economics, Propagation, and Mitigation of Mirai
In late November of 2016, a new Mirai variant emerged that leveraged a propagation mechanism different from the Telnet-based brute forcing mechanism originally provided in the leaked Mirai source code.
Dismantling a Nuclear Bot
A recent tweet mentioned that a new banking malware called “Nuclear Bot” has started to appear for sale on underground marketplaces. Its price starts around $2500 which is more than double the price...
Non-Government Organization in Support of Government Hopes
Red Team analysis is the process of viewing a situation from the perspective of an adversary, thus providing insights beyond those that might otherwise be limited by normative biases.
Additional Insights on Shamoon2
IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with...
Change All Your Passwords, Right Now!
by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer. CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one...
Acronym: M is for Malware
A malware researcher known as Antelox recently tweeted about an unknown malware sample that caught our eye. Upon further investigation, it is a modular malware known as Acronym and could possibly be...
Observed Spike in DDoS Attacks Targeting Hong Kong
Each week ASERT produces a weekly threat intelligence bulletin for Arbor customers. In addition to providing insights into the week's security news and reviewing ASERT's threat research...
Greenbug’s DNS-isms
Over the past few months there has been a lot of research and press coverage on the Shamoon campaigns. These have been the attacks on Saudi Arabian companies where a destructive malware known as...
WannaCry
Information regarding the WannaCry ransomware is spreading as quickly as the malware itself and is expected to do so throughout the weekend. This blog provides some information from our malware...
Zyklon Season
The ASERT research team has recently done some work reverse engineering a family of malware called "Zyklon H.T.T.P." that is written using the .Net framework. Zyklon (German for “cyclone”) is a large,...