Saturday, October 8, 2016

Threat Actor Offers Variety of Tools for Free

Wapack analysts have observed a threat actor who has been advertising his coding abilities (and potential services) in both the public Internet and the dark web. The threat actor typically writes his programs in Python, uses Kali Linux and also appears to be able to speak Japanese. Wapack analysts have observed the threat actor using several OPSEC techniques indicating that he is more sophisticated than script kiddie-level (novice or beginner) threat actors.

Publication date:                            6 October 2016

Handling requirements:                  Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:              N/A

Actor Type:                                     Adversary capabilities have been assessed as Tier II*

Potential Targets:                            N/A

Past Reporting:                                N/A

*Practitioners with a greater depth of experience, with the ability to develop their own tools (from publicly known vulnerabilities). 

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.