Quick Ransomware Investigation

This is just a very quick post to go over a recent ransomware incident. It appears that the first link in the infection chain is down now so, unfortunately, I was unable to obtain a Fiddler capture. An email was received with a familiar social engineering attempt: Hovering over the link shows that it will take you to: bjp.co.id/voice.html When…

Honeypots Revisited

I’ve written in previous posts about my honeypot setups and the visualization software that I use to display the data. You may also recall that I typically run my honeypots on underpowered cloud-based servers in an effort to keep costs low. This has caused a few issues at times. First of all, I’ve found that the various visualization software packages…

It’s Clear We Need A Sorting Hat

A few of my earlier posts detailed some of the methods that I use to find malware. Those methods all essentially required you to actively hunt for malware, the exceptions being my articles on honeypots, where we can “let the malware come to us”. Recently, I’ve been going through a really good classic book on malware analysis entitled “Malware Analyst’s…

Down A Rabbit Hole, Part 2

In the previous post, a run-of-the-mill tech support scam pop-up from the website apple-techsupport[.]online started us on our trip down a rabbit hole. Now I realize that our trip thus far hasn’t been all that unusual. These types of domain relationships are encountered routinely by malware hunters. However, this is where it gets more unconventional… Here’s our Google search from…

DionaeaFR – A Window Into Your Honeypot

In my previous post, I discussed installing a Dionaea honeypot to catch malware. If you used MHN (also discussed last time) to deploy your Dionaea instance, you are quite limited by the default interface as to the information that you can display about your honeypot traffic. There are a number of “top 5” lists, for instance. You can also get a…