Cyber Crime Research Lab

By Dr. Peter Stephenson | Cyber crime technology research and news from the cyber underground.

UNIT 42 PLAYBOOK VIEWER


Extract Malware Configuration with MalConfScan - JPCERT/CC Eyes

Every day, new types of malware are discovered. However, many of them are actually variants of existing malware: they share most of their code …

Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users

Sensitive data belonging to millions of Google Chrome and Firefox users spanning individuals and corporations has been leaked by rogue browser extensions, a new report shows.

Google Chrome and Firefox users are likely to use extensions such as ad blockers to help make their browsing more convenient …


Lateral phishing: The latest in email account takeover

Attackers are adapting their methods and finding new ways to exploit compromised email accounts, as account takeover continues to be one of the …


TrickBot malware learns how to spam, ensnares 250M email addresses

TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books, then sending malicious emails from the compromised accounts.

The TrickBot malware was first spotted in 2016 but has since developed new …

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was …

USCYBERCOM Malware Alert July 2019 - AlienVault - Open Threat Exchange

USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching. Malware is currently delivered and indicators …

US Cyber Command issues alert about hackers exploiting Outlook vulnerability

Chronicle links the malware samples to Iran's APT33 group, which previously developed the infamous Shamoon malware.<p>US Cyber Command has issued an …

Hackers change tactic, target small amounts from bank accounts

MANILA, Philippines — Fraudsters are shifting to other methods and techniques to illegally retrieve card information from unsuspecting individuals in …

FinalRecon - OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so in future new modules can be added with …


DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for …

Shubhankar Sharma

KaliTut: Using Ghidra to attack crackme

First, download the crackme from the MalwareTech site; the password to the archive is also MalwareTech.

So, let's see what is in the archive. We see the …


Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis …

Bypassing AD account lockout for a compromised account

This is for educational purposes only. Never do security testing on a machine you do not own or …

Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls

This post details how to bypass firewalls to gain access to the Cardholder Data Environment (or CDE, to use the parlance of our times). End goal: to …


Sniff-Paste: OSINT Pastebin Harvester

Multithreaded pastebin scraper that scrapes to a MySQL database, then reads the pastes for noteworthy information.

Use sniff-paste.py to go through the entire …
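DumpTheGit (above) and Sniff-Paste both reduce to the same loop: pull text from a public source, run it past a set of secret patterns, and flag the hits. The block below is an added example written for this page, not code from either tool. It applies a small, assumed rule set (AWS access key IDs, Slack tokens, PEM private-key headers, and generic `password=` / `token=` style assignments) to a constructed sample paste, and uses a Shannon-entropy threshold so that placeholder values such as `changeme`, which a bare keyword match would report, are dropped. The `AKIAIOSFODNN7EXAMPLE` value is the AWS documentation example key, not a live credential; the function names and the rule set are this example's own.

```python
import math
import re

# Illustrative rule set (an assumption for this example, not the rule set of
# DumpTheGit or Sniff-Paste). A named group "secret" marks the value to report
# when a rule matches more context than the secret itself.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"
    ),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
    "generic_assignment": re.compile(
        r"""(?i)(?:password|passwd|pwd|secret|api[_-]?key|access[_-]?key|token)"""
        r"""\s*[:=]\s*['"]?(?P<secret>[^\s'"]{8,})"""
    ),
}


def shannon_entropy(s):
    """Bits of entropy per character; placeholders such as 'changeme' score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _matched_secret(m):
    return m.group("secret") if "secret" in m.groupdict() else m.group(0)


def scan_text(text, source="<paste>", min_entropy=3.0):
    """Return one finding per (line, value) for every rule that matches."""
    findings = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = _matched_secret(m)
                # Generic key=value hits are noisy: require the value to look
                # random so that obvious placeholders are not reported.
                if rule == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue
                if (lineno, value) in seen:
                    continue  # same value already reported by a more specific rule
                seen.add((lineno, value))
                findings.append(
                    {"source": source, "line": lineno, "rule": rule, "match": value}
                )
    return findings


def scan_files(files, **kwargs):
    """Scan a mapping of path -> contents, e.g. the tree of a cloned public repo."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(text, source=path, **kwargs))
    return findings


# Constructed sample paste; the AKIA... value is the AWS documentation example key.
SAMPLE_PASTE = """\
# config dumped by a build script (constructed sample)
DB_HOST=db.internal.example
DB_PASSWORD=Qz7!pR2$vLm9@kT4wX8b
password = "changeme"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
slack_token = xoxb-1234567890-abcdefghijklmnop
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_PASTE, source="constructed-paste"):
        print(f"{f['source']}:{f['line']} {f['rule']}: {f['match']}")
```

Run directly it reports the four real hits in the sample (the strong `DB_PASSWORD`, the AWS key ID, the Slack token, and the private-key header) and stays silent on `password = "changeme"`. The entropy threshold is a blunt filter: it suppresses dictionary-word placeholders but will also pass short, low-entropy real passwords, so treat it as a noise reduction step, not proof that a value is or is not a secret. For repository scanning, feed `scan_files` a mapping of path to file contents.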


Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with …

Emotet Adds New Evasion Technique

by Marco Dela Vega, Jeanne Jocson and Mark Manahan

UPDATE as of May 2, 2019 5AM PDT: A previous version of this blog post speculated that connected …

Analyzing Emotet with Ghidra — Part 2

This post is a continuation from Part 1.

SHA256: ee0a206415cce60f8b3afb29d8c17f86fe1923cbdf69812be139a3012b2fa24b

A quick recap: Part 1 was an …

Analyzing Emotet with Ghidra — Part 1

In this post I’ll show how I used Ghidra in analyzing a recent sample of Emotet.

If you have read this, here is Part 2.

SHA256: …

Kaspersky: 70 percent of attacks now target Office vulnerabilities

That's more than four times the percentage the company was seeing two years before, in Q4 2016.

Microsoft Office products are today's top target for …

Say hello to Baldr, a new stealer on the market

By William Tsing, Vasilios Hioureas, and Jérôme Segura

Over the past few months, we have noticed increased activity and development of new stealers. …

'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level

Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.

KASPERSKY SECURITY …

TrickBot malware attacks are ramping up ahead of Tax Day

A powerful data-stealing malware campaign with a tax theme is on the rise to target unsuspecting filers ahead of Tax Day.

TrickBot, a financially motivated trojan, infects Windows computers through a malicious Excel document sent by a specially crafted email. Once infected, the malware targets …

Mimikatz Credential Theft Techniques | CrowdStrike

This blog shares information on some examples of how the CrowdStrike® Falcon® OverWatch™ team has observed the open-source tool known as Mimikatz …

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

SummaryRecently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out …

LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files

Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack.

This new malware is scanning the internet for systems info on valuable targets

Newly identified Xwo malware could be laying the groundwork for far more damaging cyberattacks around the globe, warn researchers.<p>A new form of …