Overview On August 17, 2017, the National Bank of Ukraine (NBU) warned financial institutions in the country about a potential cyberattack. The virus would exploit the CVE-2015-2545 vulnerability to cause remote code execution by sending emails with the code disguised as a Microsoft Word document. Subsequently, a cybersecurity institution found...
Categoria: Emergency Response
Joao Malware Analysis
Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim's machine information to...
Moyou Trojan Analysis
Overview On August 2, 2017, ANTIY discovered a new DDoS trojan and dubbed it Moyou. After obtaining the related sample, NSFOCUS conducted a detailed analysis of the trojan. Sample Analysis The following figure shows the detection result of NSFOCUS Threat Analysis Center (TAC). The sample obtains the C&C server address...
Remote Access Trojan KONNI Targeting North Korea Technical Analysis and Solution
This July a remote access trojan (RAT) KONNI was discovered to be involved in a cyberattack targeting North Korea, which was presumably linked to South Korea. This RAT spreads mainly through phishing emails. Specifically, the attacker first tries to have a powershell script executed via an .scr file, and then...
Dahua Cameras Unauthorized Access Vulnerability Analysis & Solution
Overview Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address serious security vulnerabilities for several of their products. By exploiting this vulnerability an attacker can access the user database of a Dahua camera without needing administrative privileges and extract the...
Anatomy of An Attack – DNS Amplification
Author: Vann Abernethy, Field CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim. The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of...
