Arbor Threat Intelligence

Arbor's Security Engineering & Response Team (ASERT) Blog
image description

Reaper Madness

On October 19th, a team of security researchers warned of a new IoT Botnet that had already infected “an estimated million organizations” and that was poised to “take down the internet”. This report was subsequently picked up by the press and spread quickly via social media. […]

Read more

SnatchLoader Reloaded

Executive Summary SnatchLoader is a “downloader” malware—a type of malware that specializes in distributing (or loading) other malware onto infected computers. We first started seeing it in the wild around January 2017, but after a few months it went dormant. Recently, development of the malware […]

Read more

Down to the WireX

Over the course of the last few weeks, a botnet comprised mainly of Android mobile devices has been utilized to launch a high-impact DDoS extortion campaign against multiple organizations in the travel and hospitality sector. This botnet, dubbed ‘WireX’, is only the second mobile botnet […]

Read more

LockPoS Joins the Flock

While revisiting a Flokibot campaign that was targeting point of sale (PoS) systems in Brazil earlier this year, we discovered something interesting. One of the command and control (C2) servers that had been dormant for quite some time had suddenly woken up and started distributing […]

Read more

Patching Not Enough to Stop Petya

Voluminous amounts of information have already been disseminated regarding the “Petya” (or is it “NotPetya”? [1]) ransomware that hit the Ukraine hard [2] along with organizations such as “the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain […]

Read more

Pivoting off Hidden Cobra Indicators

On June 13th 2017, US-CERT issued a joint Technical Alert (TA17-164A) entitled Hidden Cobra – North Korea’s DDoS Botnet Infrastructure. The alert, which was the result of analytic efforts between the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), included a list […]

Read more

Another Banker Enters the Matrix

This post takes a look at a new banking malware that has, so far, been targeting financial institutions in Latin America—specifically, Mexico and Peru. Initially, we’ve called it “Matrix Banker” based on its command and control (C2) login panel, but it seems that “Matrix Admin” […]

Read more

Zyklon Season

The ASERT research team has recently done some work reverse engineering a family of malware called “Zyklon H.T.T.P.” that is written using the .Net framework. Zyklon (German for “cyclone”) is a large, multi-purpose trojan that includes support for a variety of malicious activities, including several […]

Read more