Saturday, August 30, 2014

Monday, August 25, 2014

Wapack Labs Technical Analysis: VSkimmer and BlackPOS

Originally published on January 30, 2014, this analysis product was offered privately during the height of the Target breach. Over the weekend (August 2014), more reports followed of point-of-sale exploitation with BlackPOS. Several others have provided technical analysis of BlackPOS, but we've decided to openly post this analysis because of its closeness to another builder, "VSkimmer", and the need for a farmed indicator list.

This analysis is provided by Wapack Labs as part of an ongoing analysis of POS exploits in the wake of the recent widespread retailer breaches.

Please, enjoy!

Download the full report.

Executive Summary:

Automated tools are often used by hackers to generate malware. This report summarizes two cracked Point of Sale (POS) "malware builders" obtained by Wapack Labs in January 2014. The first is identified as a VSkimmer variant and the second as BlackPOS. Both builders were cracked by French white-hat hacker Xylitol[1]. This report also provides protocol details and signatures for the analyzed specimens and for the payloads generated by the respective builder kits.

Wapack Labs analyzed both builders in one report because of a common thread: they're both weaponized using the same backdoor. It is possible that in both cases this backdoor serves as an additional channel for acquiring stolen credit card data.

[1] http://www.itnews.com.au/News/356543,the-rise-of-the-white-hat-vigilante.aspx
Saturday, August 23, 2014

Henrybasset's 'Red Sky Alliance' Blog: Red Sky Weekly: Shocking!

Henrybasset's 'Red Sky Alliance' Blog: Red Sky Weekly: Shocking!: Author: Cuban political cartoonist Antonio Prohías. German intelligence spies on Americans and Turks? Chinese Hackers targeting infor...

Friday, August 22, 2014

New API module for Wapack's ThreatRecon!

New API module for Wapack's ThreatRecon! Thanks to Seth Bromberger for writing a Python module for our cyber threat intelligence system, ThreatRecon. You can download the module here:

https://pypi.python.org/pypi/threatrecon

Thanks Seth!

Friday, August 15, 2014

Threat Recon 101 reminder

Hosting Threat Recon 101 via webinar today at 1:00 EST. Please register here.

If you use VirusTotal, DomainTools, or any of the other applications in analysis of cyber events, you're going to love Threat Recon.

See you at 1!

Jeff

Wednesday, August 13, 2014

Threat Recon 101

All,

Thank you all very much for trying out our new offering, the Threat Recon API. We know that documentation sometimes comes second, so I've asked Chris to do a short webinar, 30 minutes total including time for questions. If we need longer, we'll take it, but he'll cover Threat Recon 101: using Python to work with the API, where to find the scripts, and what the terminology in our API actually means. "What's the difference between direct and derived?" or "What exactly does the confidence level indicate?"

We're hosting Threat Recon 101 on Friday, 8/15/14 at 1:00 EST. The bridge information for the webinar is shown below. We're limited to 100 people on the bridge. It will be recorded, and if needed, we'll host another next week.

Hope to see you on the webinar! Instructions are shown below.

Thanks!
Jeff

=====================================================
Please register for Threat Recon 101 on Aug 15, 2014 1:00 PM EST at:

https://attendee.gotowebinar.com/register/7775049501651962370

For our new users, Chris Hall, Wapack Labs' lead technical analyst, will present a short tutorial on accessing and using the Threat Recon API. After registering, you will receive a confirmation email containing information about joining the webinar.


Thursday, August 7, 2014

CRITS and Threat Recon?

Great news!

Maltego transforms have been in the GitHub since day one, and we considered that a major feat in early adoption, but now CRITs?

For the uninitiated, CRITs (Collaborative Research Into Threats) is an application built by MITRE to assist with analysis of cyber threats. CRITs is used by cyber operators and analysts to tie malware campaigns, actors and bots to webapp/mobile/social-network-site attack vectors.

The code can be found on MadVillian's GitHub at: https://github.com/crits/crits_services/tree/master/threatrecon_service

This is great news! Thank you!