Category: analysis

memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations

ASERT Threat Summary: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations Date/Time: 27022018 2325UTC Title/Number: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations – February 2018 – v1.4. Severity: Critical Distribution: TLP WHITE (see <https://www.us-cert.gov/tlp>) Categories: Availability Authors: Roland Dobbins & Steinthor Bjarnason Contributors: Keshav […]

Read more

Musical Chairs Playing Tetris

February 20, 2018: This blog has been amended since it was originally published on February 15, 2018. This version removes the association with the APT group responsible for the Night Dragon campaign that we had incorrectly made. We thank the research team at Palo Alto […]

Read more

SnatchLoader Reloaded

Executive Summary SnatchLoader is a “downloader” malware—a type of malware that specializes in distributing (or loading) other malware onto infected computers. We first started seeing it in the wild around January 2017, but after a few months it went dormant. Recently, development of the malware […]

Read more

LockPoS Joins the Flock

While revisiting a Flokibot campaign that was targeting point of sale (PoS) systems in Brazil earlier this year, we discovered something interesting. One of the command and control (C2) servers that had been dormant for quite some time had suddenly woken up and started distributing […]

Read more

Another Banker Enters the Matrix

This post takes a look at a new banking malware that has, so far, been targeting financial institutions in Latin America—specifically, Mexico and Peru. Initially, we’ve called it “Matrix Banker” based on its command and control (C2) login panel, but it seems that “Matrix Admin” […]

Read more