The Cyber Crime Chronicles: The Cyber Criminal

In our third of several articles on the main combatants most of us in the threat intelligence and information security world deal with, we’re going to profile the cyber-criminal. Perhaps the most nefarious, these attackers are driven almost exclusively by financial gain. These criminals typically target personal and corporate systems, and range in skill from Nigerian 419 phishers, to authors of advanced ransomware, software that takes over a computer and requires a ransom to be paid before the computer is unlocked. The attacks these criminals use range from blackmail (think the Ashley Madison hacks) to ransomware to phishing and

MalNet Maltego Transforms with ProofPoint Data

MalNet accesses the Proofpoint ET Intelligence™ comprehensive database that contains current and historical malicious IP addresses and domains. In this blog post we share screenshots of Maltego 4 and a quick youtube video. In this example, we cover 15 domains related to GozNym campaigns that operated in the month of April, 2016. MalNet with GozNym In the examples below, within the screenshots provided we cover malware associated with the domains manualtatex.com and houndsofcullen.com, identifying related malware, IP addresses, associated domains and IDS signatures related to traffic generated by malware. Starting with a Hash Get DNS Lookups Acquire Related

Tracking GozNym Campaigns with MalNet

In 2007, Don Jackson while at SecureWorks had written about the Gozi Trojan, sharing details on the modularization and monetization strategies utilized by this family of malware. More recently, (04/04/16) Limor Kessem from IBM had also provided some interesting background on Gozi and Nymaim . Correlating the different indicators and samples, we had been able to observe different recent campaigns had started on the 14th, of April with the following campaign dates of interest: 2016-04-04 (The outlier in our samples appears to be 04/04/16) 2016-04-14 2016-04-15 2016-04-16 2016-04-17 2016-04-18 2016-04-19 Looking at the sample submission dates and

Demonstration: Tracking Malware Campaigns and Domains Using MalNet

MalNet brings together the industry's most up to date and extensive threat information from Proofpoint with Maltego link analysis capabilities from ShadowDragon. MalNet enables threat analysts and researchers to identify and visualize malware connections in just minutes to expedite investigations and response. In this short 4 minute video we will demonstrate how MalNet enables analysts to track malware campaigns and domains using malnet. By starting with just an malware artifact, we'll show you how you can identify new domains, ip addresses and additional malware all related to this original artifact. Technical Audiances In this example we start off with the