We’re happy to announce the recent release of our MISP feeds. The Malware Information Sharing Platform (MISP), developed by circl.lu, is a popular open source threat sharing platform. Its primary goal is to facilitating the sharing, storing and correlation of Indicators of Compromise (IOC’s). In this post, we’ll outline a few of the features of…
Details
The actors behind the Emotet malware resumed operations on Monday November 5, 2018 after nearly a month hiatus. Emotet is one of the most prolific malware families currently in distribution. It is responsible for a significant portion of global malware spam. Emotet is known to be bundled alongside other types of malware including Zeus Panda…
Details
The actors distributing the Dridex banking trojan switched tactics again this week. In their latest campaign, distributing Dridex botnet 7200, the criminals have switched to using PDF files, with links to macro-enabled documents which finally download the Dridex payload. Examining the infection chain further, the initial attack vector is a PDF file attached to an…
Details
Starting October 19, 2017, the actors behind Locky distribution started using a new loader to drop their Ransomware. The new loader has been dubbed QTLoader or QTBot based on some strings and registry keys used by the malware. The use of the so-called QTLoader coincided with the adoption of the DDE AUTO feature of Office…
Details
The actors behind the Locky Ransomware family have adopted the recent highly publicized Dynamic Data Exchange (DDE) protocol vulnerability to deliver their malware. The DDE technique has been around for some time, but it was recently brought to attention by the people over at SensePost on October 9, 2017. The technique essentially allows for code…
Details
On Friday May 12, 2017, version 2.0 of the WannaCry (WanaCry) Ransomware generated global interest due to infecting a number of systems in high profile government institutions across the globe including the NHS, Russian Interior Ministry, FedEx, the Russian Police, one of the largest cellphone operators in Russia (MegaFon), and the Frankfurt S-Bahn. The malware…
Details
INetSim is a software suite for simulating common internet services in a lab environment. It is useful for behavioral analysis of Malware samples that require a given service to be active on a remote server in order to execute as expected, but you don’t want to have the sample actually connect to the Internet or…
Details
First reported here: http://forum.explorecrew.org/showthread.php?tid=110&pid=360 We have tested and confirmed that GTD 1 by Templatic is vulnerable on Ubuntu 12.04. In initial testing we were not able to exploit this vulnerability on GTD/P2 Reloaded 2.5 by WPVerse. If you are interested in receiving WordPress vulnerability notifications directly, please sign up for our WordPress Vulnerability Notification Service.…
Details
If you have been locked out of your WordPress admin panel because the IP address of your server changed or some other reason, you will need to log in to MySQL directly and manually change two values in the wp_options table. If you don’t remember your MySQL username and password, you can look it up…
Details
Ran across the following error when attempting to update VirtualBox Guest Additions on an Ubuntu 12.04 guest (Windows 8 host) from version 4.2.12 to 4.2.16: Installing graphics libraries and desktop services components …fail! The installer fails to remove the following two symlinks. If you execute the following commands (as root) and then run the installer…
Details