Showing posts with label Joshua Shilko. Show all posts

Tuesday, November 14, 2017

Office DDE feature exploited to deliver DNSMessenger payload in new targeted phishing campaign


The Research, Analysis, and Intelligence Division (R.A.I.D.) here at PhishLabs interacts with a multitude of malware samples in our day-to-day operations. Occasionally, we come across a campaign that stands out from the rest. One such instance occurred recently when one of our Phishing Threat Monitoring service clients was targeted with DNSMessenger, a sophisticated, memory-based infection technique that has previously been associated with a financially motivated Advanced Persistent Threat (APT) actor group. Also notable is the delivery method: the increasingly popular Dynamic Data Exchange (DDE) protocol Office document attack. This delivery method has recently been adopted by actors ranging from nation-state APTs to spammers peddling downloaders and ransomware. In this article, we will examine this delivery vector and dissect the initial DNSMessenger payload.

The post Office DDE feature exploited to deliver DNSMessenger payload in new targeted phishing campaign appeared first on Security Boulevard.




Tuesday, September 5, 2017

BankBot Continues Its Evolution as AgressiveX AndroBot


PhishLabs researchers recently came across BankBot Android banking Trojan samples that have a redesigned administration panel and new URL paths in their C2 infrastructure. The actor may be customizing BankBot to his or her liking, or perhaps repackaging the leaked software for sale under another name. The use of the branded domain, agressivex[.]com, supports the latter. The new panel login screen is displayed below next to a more typical BankBot Maza-in panel.




Saturday, May 27, 2017

Marcher and Other Mobile Threats: What You Need to Know


When most people think about cyber risk, they think primarily of their organization’s servers, PCs, and laptops, and how they might be vulnerable to attack.

But in recent years, the way in which users interact with the outside world has changed. In March this year, for the first time ever, Android overtook Windows to claim the largest share of Internet traffic.

And naturally, where users go, threat actors will surely follow.


