Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a...

Hackers using Pastebin commands to spread njRAT (Bladabindi) trojan

By Deeba Ahmed njRAT was developed in .NET. It is a common Trojan used for remotely hijacking the key functions of a compromised device. This is a post from HackRead.com Read the original post: Hackers using Pastebin commands to spread njRAT Bladabindi trojan...

New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

By Waqas Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules. This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers...

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things IoT devices that are based on ARM and MIPS CPUs. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules...

Malware Families Turn to Legit Pastebin-Like Service

Cybercriminals are increasingly turning to a legitimate, Pastebin-like web service for downloading malware — such as AgentTesla and LimeRAT — in spear-phishing attacks. Pastebin, a code-hosting service that enables users to share plain text through public posts called “pastes,” currently has 17...

Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

Scrape/Parse Pastebin using GO and grammar expression PEG. Installation $ go get -u github.com/notdodo/pastego Usage Search keywords are case sensitive pastego -s "password,keygen,PASSWORD" You can use boolean operators to reduce false positive pastego -s "quake && earthquake, password && php ||...

Malicious Package in boogeyman

All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...

HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website

Security Tool for Reconnaissance and Information Gathering on a website. python 2.x & 3.x This script use "WafW00f" to detect the WAF in the first step https://github.com/EnableSecurity/wafw00f This script use "Sublist3r" to scan subdomains https://github.com/aboul3la/Sublist3r This script use...

Upgraded Aggah malspam campaign delivers multiple RATs

By Asheer Malhotra Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans RATs.The infection chain utilized in the attacks is highly modularized.The attackers utilize publicly available infrastructure such as Bitly and Pastebin spread...

DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...

Drake Lyrics Used as Calling Card in Malware Attack

A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...

RTTM - Real Time Threat Monitoring Tool

Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM Real Time Threat Monitoring...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo By Jessica Saavedra-Morales · October 20, 2019 Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi and its connections to GandGrab, the most prolific...

Watchbog and the Importance of Patching

By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response CSIRS recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-bas...

EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks

Emagnet is a very powerful tool for it's purpose wich is to capture email addresses and passwords from leaked databases uploaded on pastebin. It's almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin's techs or the uploads...

pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses

OSINT Tool to Find Passwords for Compromised Email Accounts pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Featured OSINT Collection Tools forPastebin - Jake Creps Get In Touch Twitter Telegram Blog Changelog Features haveibeenpwned...

glot-wwww Arbitrary Code Execution Vulnerability

glot-www is an open source pastebin with runnable snippets and an API. A security vulnerability exists in the default configuration in glot-www 2018-05-19 and earlier versions. A remote attacker can exploit the vulnerability to execute arbitrary code...

fireELF - Fileless Linux Malware Framework

fireELF is a opensource fileless linux malware framework thats crossplatform and allows users to easily create and manage payloads. By default is comes with 'memfdcreate' which is a new way to run linux elf executables completely from memory, without having the binary touch the harddrive. Feature...

Pepe - Collect Information About Email Addresses From Pastebin

Collect information about leaked email addresses from Pastebin About Script parses Pastebin email:password dumps and gather information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to person abou...

New zero-day vulnerability CVE-2019-0859 in win32k.sys

In March 2019, our automatic Exploit Prevention EP systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege...