Author: sqearl

Threat Intelligence Report- IOCs Weekly

Posted: July 15, 2020 Under: IOCs Weekly By No Comments

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 07_15_2020-IOC-COUNTRY.csv Top attacking countries are China (23.12%) Ireland (15.26%), United States(7.84%), Russia (7.84%), … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Zeus Malware Analysis- Sophos UTM, Security Onion

Posted: July 08, 2020 Under: File Analysis By No Comments

I’ve posted about dynamic and automated analysis of the Zeus malware, but what about identifying Zeus from firewall & IDS logs? After executing Zeus, my Sophos UTM generated a few alerts. This is something that would absolutely stick out to me during daily log analysis. Drilling into the alert tells us threat “C2/Zaccess-A” attempted to … Continue reading "Zeus Malware Analysis- Sophos UTM, Security Onion"

Read More

Threat Intelligence Report- IOCs Weekly

Posted: July 06, 2020 Under: IOCs Weekly By No Comments

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 2020_07_06-IOC_COUNTRY.csv Top attacking countries are China (24.87%) Ireland (14.06%), United States(7.91%), Panama (7.31%), … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Zeus Malware Analysis- Any.Run

Posted: July 05, 2020 Under: File Analysis By No Comments

I decided to run the Zeus Malware through an automated analysis tool and compare to what I saw using dynamic analysis with Remnux.  I’m using the malware analysis tool at app.any.run The free version only supports Windows 7 executables, which Zeus targets. After uploading the file, app.any.run displays a windows UI and what the malware … Continue reading "Zeus Malware Analysis- Any.Run"

Read More

Threat Intelligence Report- IOCs Weekly

Posted: June 28, 2020 Under: IOCs Weekly By No Comments

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 2020_06_28-IOC_COUNTRY.csv Top attacking countries are China (24.04%) Ireland (16.49%), Russia (8.36%), United States … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Threat Intelligence Report- IOCs Weekly

Posted: June 22, 2020 Under: IOCs Weekly By No Comments

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 2020_06_21-IOC_COUNTRY.csv Top attacking countries are China (24.99%) Ireland (17.19%), Russia (9.78%), United States … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Threat Intelligence Report- IOCs Weekly

Posted: June 15, 2020 Under: IOCs Weekly By No Comments

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 2020_06_14-IOC_COUNTRY.csv Top attacking countries are China (24.99%) Ireland (17.19%), Russia (9.78%), United States … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More