Lucene search
+L

202 matches found

exploitpack
exploitpack
added 2018/01/15 12:0 a.m.15 views

DarkComet (C2 Server) - File Upload

DarkComet C2 Server - File Upload !/usr/bin/env python3 EDB Note: Source https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01/259944bd94a0d289ef80b9138c1e3f97a97aa9cd from time import sleep from socket import socket, AFINET, SOCKSTREAM, error from re import search from...

Exploits0
ThreatPost
ThreatPost
added 2017/10/09 11:0 a.m.11 views

FormBook Malware Targets U.S. Defense Contractors, Aerospace and Manufacturing Sectors

Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea. According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U....

7.3AI score
Exploits0References3
FireEye
FireEye
added 2017/10/05 10:30 a.m.165 views

Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea

We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2017/09/20 2:57 p.m.51 views

CCleaner Command and Control Causes Concern

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams.Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/09/18 3:31 p.m.56 views

[Updated] Infected CCleaner downloads from official servers

Update 9/19/2017: Avast posted a clarification explaining what happened and giving a timeline of the events. One point we should take note of is that the breach preceded the take-over of Piriform by Avast. Users that are unsure whether they were affected by this and whether their data may have be...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2017/08/04 10:1 a.m.49 views

Threat Round-up for July 28 - August 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristic...

6.7AI score
Exploits0
FireEye
FireEye
added 2017/07/25 1:0 p.m.53 views

HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign

A wide variety of threat actors began distributing HawkEye malware through high-volume email campaigns after it became available for purchase via a public-facing website. The actors behind the phishing campaigns typically used email themes based on current events and media reports that would piqu...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2017/07/12 2:56 p.m.13 views

New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot

Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new. Currently, LockP...

0.6AI score
Exploits0References3
myhack58
myhack58
added 2017/06/13 12:0 a.m.259 views

SambaCry exploit analysis-exploit warning-the black bar safety net

“2017 5 May 24, Samba released a 4. 6. 4 version, in the middle fix a serious remote code execution vulnerability, the vulnerability number CVE-2017-7494, the vulnerability affects Samba 3.5.0 after to 4. 6. 4/4. 5. 10/4. 4. 14 in the middle of all versions. SambaCry vulnerability is a scale spre...

10CVSS0.5AI score0.99448EPSS
Exploits24
FireEye
FireEye
added 2017/05/04 12:30 p.m.42 views

Dridex and Locky Return Via PDF Attachments in Latest Campaigns

Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...

0.4AI score
Exploits0
FireEye
FireEye
added 2017/04/24 10:30 a.m.40 views

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...

0.2AI score
Exploits0
FireEye
FireEye
added 2017/04/24 10:30 a.m.21 views

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2017/04/17 3:13 p.m.16 views

Wave of Java-Based RATs Target Tax Filers

Spammers are spreading Java-based remote access Trojans, known as jRATs, targeting tax filers with attachments named “IRS Updates.jar” and “ImportantPDF.jar” that, if executed, give attackers access to compromised endpoints. Zscaler, which is tracking the jRATs, believes some of the campaigns cou...

1.2AI score
Exploits0References7
Kitploit
Kitploit
added 2017/04/11 2:2 p.m.150 views

PoshC2 - Powershell C2 Server and Implants

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

7.4AI score
Exploits0References2
FireEye
FireEye
added 2016/07/18 8:0 a.m.22 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

7AI score
Exploits0
FireEye
FireEye
added 2016/04/26 12:30 p.m.41 views

RuMMS: The Latest Family of Android Malware Attacking Users in Russia Via SMS Phishing

Introduction Recently we observed an Android malware family being used to attack users in Russia. The malware samples were mainly distributed through a series of malicious subdomains registered under a legitimate domain belonging to a well-known shared hosting service provider in Russia. Because...

7.8AI score
Exploits0
FireEye
FireEye
added 2016/04/26 8:30 a.m.24 views

RuMMS: The Latest Family of Android Malware Attacking Users in Russia Via SMS Phishing

Introduction Recently we observed an Android malware family being used to attack users in Russia. The malware samples were mainly distributed through a series of malicious subdomains registered under a legitimate domain belonging to a well-known shared hosting service provider in Russia. Because...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/09 2:17 p.m.10 views

Rovnix Variant Surfaces With New DGA

Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers. Rovnix is a malware variant that often has been distribute...

1.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/09/08 2:2 p.m.12 views

Salesforce Warns Customers of Dyreza Banker Trojan Attacks

Salesforce.com is warning its customers that the Dyreza banker Trojan is now believed to be targeting some of the company’s users. The Trojan, which has the ability to bypass SSL, typically goes after customers of major banks, but seems to be expanding its reach. Dyreza is relatively new among th...

1.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/12/18 10:0 a.m.18 views

DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly

Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in...

0.5AI score
Exploits0References3
Rows per page
Query Builder