X-Industry

ransomware (3)

Introduction: 

Wapack Labs SOC identified JexBoss exploit attempts against an HVAC Controller, a NetScaler device, and the CEO of the company. This exploit is known to be a delivery mechanism for SamSam ransomware, and it would have been the second time this company suffered a large-scale ransomware attack.

Summary

Wapack Labs observed multiple attempts to exploit JBoss Application Servers using the…

SamSam is an example of manually controlled ransomware, which has been recently identified by researchers.[1] SamSam ransomware is unique in its nature due to its targeted victims and large ransom demands. The ransomware has been active since December 2015, and large organizations, including the City of Atlanta, the Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…

Doppelgänger is a German-derived word for an apparition or double of a living person. Doppelgänging is a complex form of typosquatting. Process Doppelgänging is a code injection technique that abuses the Microsoft Windows mechanism of New Technology File System (NTFS) transactions to create and hide malicious processes, all in an attempt to avoid detection by antivirus software. Process Doppelgänging is a technique similar to the older Process Hollowing. The Process Doppelgänging…