The Security Blog for Security Professionals
The Myth of the Easy Button Approach to Information Security

By: Wes Riley and Erik Heuser
In twenty-plus years navigating the complexities of the information security (InfoSec) industry, a common theme emerges: the fascination with creating the digital panacea, or Easy Button. Marketing departments highlight their product in the best light possible and tell you it will solve all your InfoSec headaches. Years...

Mon Jul 10, 2017 14:52
Cat-Phishing Hackers for Fun and Profit

On June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contained x32 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associated rootkits. The Trojan source code is available here. Metadata File Name: 5d2a4cde9fa7c2fdbf39b2e2ffd23378d0c50701a3095d1e91e3cf922d7b0b16.dll...

Wed Jul 5, 2017 17:25
Breach Response: Mitigating an Outbreak

By Azeem Aleem, Gareth Pritchard and David Gray, RSA Advanced Cyber Defense
It’s mid-2017 and the news is alight with yet another alarming cybersecurity attack. A new strain of a malware variant, which on first analysis looks very similar to a previously reported malware strain called “Petya” (ransomware armed with the EternalBlue exploit amongst other...

Thu Jun 29, 2017 22:07
Detecting “Petya/NotPetya” with RSA NetWitness® Endpoint and RSA NetWitness® Packets

By Alex Cox, Christopher Elisan and Erik Heuser, RSA Research
A ransomware variant known as “Petya/NotPetya” began making the rounds on June 27, 2017. This ransomware takes a different approach to denying access to the victim’s files. Instead of the usual displaying of a message and letting the victim browse to really see that the target files are...

Thu Jun 29, 2017 04:06
Blank Slate: A Tale of Two Malware Servers

In March 2017, Palo Alto Networks Unit 42 published research on a new malicious spam campaign dubbed “Blank Slate.” It is named as such because the malspam message is empty; only the malicious attachment is present, as seen in Figure 1.
Figure 1: Blank Slate malspam e-mail
Recently, Blank Slate struck deploying Cerber ransomware once again, affording...

Mon Jun 19, 2017 17:28
Shadowfall

Over the last several months, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing. Domain shadowing is “a technique in which attackers steal...

Mon Jun 5, 2017 13:52
