Cyber Crime Research Lab

By Dr. Peter Stephenson | Cyber crime technology research and news from the cyber underground.

UNIT 42 PLAYBOOK VIEWER

Extract Malware Configuration with MalConfScan - JPCERT/CC Eyes

Every day, new types of malware are discovered. However, many of them are actually variants of existing malware - they share most of the code …

Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users

Google Chrome and Firefox users are likely to use extensions such as ad blockers to help make their browsing more convenient and secure. But these aren’t always safe, as an independent security researcher can testify: He discovered eight browser extensions used by around 4 million Firefox and …

Lateral phishing: The latest in email account takeover

Attackers are adapting their methods and finding new ways to exploit compromised email accounts, as account takeover continues to be one of the …

TrickBot malware learns how to spam, ensnares 250M email addresses

TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts.

The TrickBot malware was first spotted in 2016 but has since developed new …

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was …

AlienVault - Open Threat Exchange

Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's …

US Cyber Command issues alert about hackers exploiting Outlook vulnerability

Chronicle links the malware samples to Iran's APT33 group, which previously developed the infamous Shamoon malware.

US Cyber Command has issued an …

Hackers change tactic, target small amounts from bank accounts

MANILA, Philippines — Fraudsters are shifting to other methods and techniques to illegally retrieve card information from unsuspecting individuals in …

FinalRecon - OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with …

DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for …

KaliTut: Using Ghidra to attack crackme

First download the crackme from the MalwareTech site; the password to the archive is also MalwareTech.

So, let's see what is in the archive. We see the …

Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis …

Bypassing AD account lockout for a compromised account

This is for educational purposes only. Never do security testing on a machine you do not own or have permission to test on. If you don’t own it, …

Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls

This post details how to bypass firewalls to gain access to the Cardholder Data Environment (or CDE, to use the parlance of our times). End goal: to …

Sniff-Paste: OSINT Pastebin Harvester

Multithreaded pastebin scraper, scrapes to mysql database, then reads pastes for noteworthy information.

Use sniff-paste.py to go through the entire …

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with …

Emotet Adds New Evasion Technique

by Marco Dela Vega, Jeanne Jocson and Mark Manahan

UPDATE as of May 2, 2019 5AM PDT: A previous version of this blog post speculated that connected …

Analyzing Emotet with Ghidra — Part 2

A quick recap: Part 1 was an introduction to using Ghidra as a tool to statically reverse engineer Emotet. Emotet encoded their strings with a …

Analyzing Emotet with Ghidra — Part 1

In this post I’ll show how I used Ghidra in analyzing a recent sample of Emotet.

The analysis is done on the unpacked binary file. In this post I’m …

Kaspersky: 70 percent of attacks now target Office vulnerabilities

That's more than four times the percentage the company was seeing two years before, in Q4 2016.

Microsoft Office products are today's top target for …

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura

Over the past few months, we have noticed increased activity and development of new stealers. …

'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level

Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.

KASPERSKY SECURITY …

TrickBot malware attacks are ramping up ahead of Tax Day

A powerful data-stealing malware campaign with a tax theme is on the rise to target unsuspecting filers ahead of Tax Day.

TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets …

Mimikatz Credential Theft Techniques | CrowdStrike

This blog shares information on some examples of how the CrowdStrike® Falcon® OverWatch™ team has observed the open-source tool known as Mimikatz …

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Summary

Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out …

LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files

Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack.

This new malware is scanning the internet for systems info on valuable targets

Newly identified Xwo malware could be laying the groundwork for far more damaging cyberattacks around the globe, warn researchers.

A new form of …