Threat Intelligence Report On Hold- Update
I have not been uploading threat intelligence data the last few weeks. I am in the process of relocating to a new home, and have begun to break down my home lab VMs & equipment. I plan to release a summary of my data over the last few months before leaving my current residence, and …
Author: sqearl
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 07_15_2020-IOC-COUNTRY.csv Top attacking countries are China (23.12%), Ireland (15.26%), United States (7.84%), Russia (7.84%), …
Zeus Malware Analysis- Sophos UTM, Security Onion
I’ve posted about dynamic and automated analysis of the Zeus malware, but what about identifying Zeus from firewall & IDS logs? After executing Zeus, my Sophos UTM generated a few alerts. This is something that would absolutely stick out to me during daily log analysis. Drilling into the alert tells us the threat “C2/Zaccess-A” attempted to …
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 2020_07_06-IOC_COUNTRY.csv Top attacking countries are China (24.87%), Ireland (14.06%), United States (7.91%), Panama (7.31%), …
Zeus Malware Analysis- Any.Run
I decided to run the Zeus malware through an automated analysis tool and compare to what I saw using dynamic analysis with Remnux. I’m using the malware analysis tool at app.any.run. The free version only supports Windows 7 executables, which Zeus targets. After uploading the file, app.any.run displays a Windows UI and what the malware …
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 2020_06_28-IOC_COUNTRY.csv Top attacking countries are China (24.04%), Ireland (16.49%), Russia (8.36%), United States …
Zeus Malware Analysis- Remnux
Today we’re looking at dynamic malware analysis of Zeus with Remnux Linux. I wanted to RE a Windows file this week, and am just not getting anything good on my RDP honeypot (yet). I thought, what better way to start Windows malware analysis than with an old piece of malware? That way if I’m missing …
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 2020_06_21-IOC_COUNTRY.csv Top attacking countries are China (24.99%), Ireland (17.19%), Russia (9.78%), United States …
ELF Analysis- kiga.x86
In addition to my weekly threat intel report, I’ll highlight a file/executable/exploit attempt seen in the last week. I’ll do some basic file analysis to better understand what it is, and what it’s trying to accomplish. Hopefully this can provide contextual data for those doing their own research. This week we’re looking at kiga.x86. Using …
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 2020_06_14-IOC_COUNTRY.csv Top attacking countries are China (24.99%), Ireland (17.19%), Russia (9.78%), United States …