Monday, September 19, 2016

Victim Notification and Early Warning: Online Travel and Logistics
On 19 SEP 2016, Wapack Labs discovered a collection of key-logged credentials for four prominent consumer-based travel and logistics brands belonging to one umbrella company. In all, 8303 keylogger outputs were identified across the four brands, many containing full username/password combinations, clipboard contents, travel plans, and payment information.

Publication date: 19 September 2016

Handling requirements: Traffic light protocol (TLP) GREEN

Attribution/Threat Actors: Daily Show

Actor Type: Tier I, II

Potential Targets: Payment processing

Past Reporting: Red Sky Alliance: DOC-2689

Indicators: Redacted key logger outputs may be viewed at Query terms are shown in the full report, available in Red Sky Alliance.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.