Support

Defending the White Elephant

Click here to download the full report that includes attack details, TTPs and indicators of compromise.   Myanmar is a country currently engaged in an important political process. A pro-democracy reform took place in 2011 which has helped the government create an atmopshere conducive to investor interest. The country is resource rich, with a variety of […]

Continue Reading

Espionage, Spying and Big Corporate Data, These Are a Few of China’s Favorite Things

ASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn […]

Continue Reading

Automating Intelligence: Discovering Recent PlugX Campaigns Programmatically

One of the hardest things to do when you are receiving malware that have “anonymized” (e.g. name-is-hash) names or general samples that lack any indication of the infection vector is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contains information […]

Continue Reading

Flu season starting early: the H1N1 Loader

The H1N1 Loader appears to be a relatively new downloader family that, to the best of our knowledge, was initially discovered and analyzed by the security community in May 2015. We have seen several samples show up in our malware zoo this Spring and have documented our preliminary findings from a network communications perspective in a […]

Continue Reading

Attack of the Shuriken 2015: Many Hands, Many Weapons

The expected evolution of DDoS attacks continues. Attack sizes increase over time, tools become easier to use, more threat actors are launching attacks, older attack techniques have become commoditized and new attack techniques are added to the mix on a regular basis. Attacks are cheap, easy, and extremely common. The criminal underground continues to provide […]

Continue Reading

DD4BC DDoS Extortion Threat Activity

For the last year or so, an individual or organization calling itself DD4BC (‘DDoS for Bitcoin’) has been rapidly increasing both the frequency and scope of its DDoS extortion attempts, shifting target demographics from Bitcoin exchanges to online casinos and betting shops and, most recently, to prominent financial institutions (banks, trading platforms and payment acquirers) across the United […]

Continue Reading

How to Become an Internet Supervillain in Three Easy Steps

One of the truisms of comic books and graphic novels is that nothing is immutable – both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor,Hulk, Iron Man, and Avengers films, is a good example. […]

Continue Reading

Bedep’s DGA: Trading Foreign Exchange for Malware Domains

As initially researched by Trend Micro [1] [2], Zscaler [1] [2], Cyphort, and Malware don’t need Coffee, the Bedep malware family focuses on ad / click fraud and the downloading of additional malware. ASERT’s first sample dates from September 22, 2014, which is in line with when Trend Micro started seeing it in their telemetry. […]

Continue Reading

Neverquest: A global threat targeting Financials

By: ASERT Research Team On March 31st, Arbor’s Security Engineering & Response Team (ASERT) published a detailed threat brief on the Neverquest malware for Arbor customers. Along with thousands of IOC’s (indicators of compromise), the brief details Neverquest’s current inner workings and describes some reversing techniques ASERT uses to unravel and monitor this stealthy and […]

Continue Reading