• Flowspec – TA505’s bulletproof hoster of choice

    July 15, 2020 by

    By the Intel 471 Intelligence Analysis team. Here at Intel 471 we spend a fair amount of time tracking malicious infrastructure providers. In the world of cybercrime the malicious infrastructure provider, or Bulletproof Hoster (BPH) as they are called in the underground marketplace, is a core enabling service that often gets little attention from threat… Read more

  • Iran’s domestic espionage: Lessons from recent data leaks

    July 8, 2020 by

    By the Intel 471 Global Research Team. In the last decade, Iran has undergone a quiet revolution. Since the“Green Movement” uprising in 2009, more Iranians have dared to openly oppose their regime. The reasons include accusations of elections tampering, global sanctions, increased inflation, heavy investment of state funds in the nuclear and arming programs, and… Read more

  • You need to adjust your patch priorities!

    May 20, 2020 by

    By the Intel 471 Intelligence Analysis team. Some business people might say the security folks don’t understand the dollar impact of taking a system offline. The reality is in business often time is money and quantifying the cost of key systems being taken offline is a real thing. Some security folks might also say that… Read more

  • Changes in REvil ransomware version 2.2

    May 4, 2020 by

    By the Intel 471 Malware Intelligence team. Summary The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in… Read more

  • COVID-19 pandemic: Through the cybercriminal’s eyes

    April 30, 2020 by

    By the Intel 471 Intelligence team. Cybercriminals’ exploitation of the global Coronavirus Disease 2019 (COVID-19) pandemic (in phishing lures, for example) has been covered widely in the media. But one underreported aspect is how the coronavirus itself is impacting cybercrime actors, their activities and their infrastructure. Our research of the underground marketplace and these actors… Read more

  • Understanding the relationship between Emotet, Ryuk and TrickBot

    April 14, 2020 by

    By the Intel 471 Malware Intelligence team. One of the more notable relationships in the world of cybercrime is that between Emotet, Ryuk and TrickBot. This loader-ransomware-banker trifecta has wreaked havoc in the business world over the past two years, causing millions of dollars in damages and ransoms paid. Our Malware Intelligence team receives a… Read more

  • REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

    March 31, 2020 by

    By the Intel 471 Malware Intelligence team. Summary REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves… Read more

  • Analysis of an attempted attack against Intel 471

    March 25, 2020 by

    By the Intel 471 Malware Intelligence team. Background The following write-up is our analysis of an attack attempted against one of our employees this week. At no point was our employee’s system at risk of being compromised. Interestingly, the employee’s email address only had been used in very few instances externally. We are releasing this… Read more

View all posts