Research & Reports

Blackmoon Banking Trojan Overview

June 2, 2017 | Devika Jain

Overview
The Blackmoon Banking Trojan, originally identified in 2016, has since resurfaced. More than 150,000 bank accounts were recently compromised in South Korea, and the Blackmoon Trojan has been identified as the culprit. A new 2017 version has hit the financial industry and employs a new framework model primarily targeting the online banking […]

Swearing Trojan Exploit Overview

April 3, 2017 | Devika Jain

Author: Cody Mercer – Senior Threat Intelligence Researcher
Executive Overview
A new mobile banking Trojan titled ‘Swearing Trojan’ has been discovered by Tencent Security and Check Point researchers. The malware's odd name comes in part from the various Chinese swear words scattered through its source code. The primary attributes associated with the […]

Dridex – v4

March 23, 2017 | Devika Jain

Author: Cody Mercer – Senior Threat Intelligence Research Analyst
Executive Overview
A newly discovered modified version of Dridex, now termed ‘Dridex v4’, has been observed in the wild in recent days. The Dridex Trojan, originally discovered in 2014, was at one time one of the most successful banking Trojans and has […]

StoneDrill – Shamoon & Shamoon 2.0 Variant

March 13, 2017 | Devika Jain

Author: Cody Mercer – Senior Threat Intelligence Researcher
Executive Summary
It would appear that a new variant titled ‘StoneDrill’ has now hit the wild and conducts operations very similar to those of the Shamoon and Shamoon 2.0 malware. Moreover, Kaspersky Lab has evaluated the source code, and it appears to contain various source code line items […]

Does a Dropbear DDoS in the Woods?

February 28, 2017 | grosefelt

Author: Guy Rosefelt – Dir, PM Threat Intelligence & Web Security
Recently, NSFOCUS has seen some interesting DDoS behavior. Since Q4 of last year, there has been a rise in SSL/VPN- and SSH-based DDoS attacks. Most people would not consider VPN or SSH a viable mechanism for what is usually thought of as a volumetric […]

Enhanced Threat Awareness Proposition

February 24, 2017 | Devika Jain

Author: Cody Mercer, Senior Intelligence Threat Researcher
Network threat attack vectors continually advance in diversity and complexity. Attacks delivered through advanced persistent threats (APTs) now spread very quickly and on a larger scale. Various IoT devices and other assets, including mobile/hand-held devices, desktops, bare-metal networks, web applications, and social networks, are all vulnerable to […]

Understanding Ransomware: An Overview

February 8, 2017 | Devika Jain

Author: Stephen Gates, Chief Research Intelligence Analyst
Ransomware: The Human Touch
As a security professional, I often get asked about the latest threats. Most consumers don’t understand the difference between viruses, worms, Trojans, spyware, adware, scareware, malvertising, phishing, etc. Sometimes, even those of us in the field see it all as malware. Basically, it’s all malicious […]

JTB Breach Leaks 7.93 Million Customer Related Records

February 8, 2017 | Devika Jain

Executive Summary
JTB Corp. (JTB), a well-known travel agency in Japan, announced on June 14, 2016 that it had experienced a massive data leak following an attack targeting its servers. Initial reports indicate that 7.93 million people who used JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive […]

Threat Intelligence 2017 Predictions Report

February 7, 2017 | Devika Jain

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher
Executive Summary
Looking back on 2016, there were a few key predictions that ended up becoming a reality. While many organizations have been reassuring themselves for years, saying: “Who would launch a DDoS attack against us?” – they ended up falling victim […]

Threat Analysis

Overview & Analysis of a Threat Intelligence Ecosystem

February 6, 2017 | Devika Jain

Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher
Security Event Investigation and Threat Intelligence
Over a year ago I proposed the three main tenets encompassing a successful Threat Intelligence framework: define a system infrastructure for security event disclosure and case analysis; clearly delineate security disclosure responsibilities to the respective parties; cultivate a security data […]