Thursday, August 8, 2019

Wapack Labs REDXRAY Threat Report (1 company with new threats)

Banks and Credit Unions

REDXRAY Threat Report

All hits in this notification should be investigated by an analyst before being actioned or blocked. For more information, please contact Wapack Labs at 888-733-9729.

People's United Financial

Botnet Tracker: 0
Breach Data: 2
Keylogger Records: 0
Malicious Emails: 0
Malicious Emails Context: 0
Malicious Email Detections: 0
Pastebin: 0
Sinkhole Traffic: 0
ThreatRecon Records: 0

Bank of New England: No new indicators for this company in the past 24 hours.

Bank of New Hampshire: No new indicators for this company in the past 24 hours.

Bellwether Community Credit Union: No new indicators for this company in the past 24 hours.

Cambridge Trust Company of New Hampshire, Inc.: No new indicators for this company in the past 24 hours.

Charter Trust Company: No new indicators for this company in the past 24 hours.

Claremont Savings Bank: No new indicators for this company in the past 24 hours.

Deutsche AM Trust Company: No new indicators for this company in the past 24 hours.

Exeter Trust Company: No new indicators for this company in the past 24 hours.

Franklin Savings Bank: No new indicators for this company in the past 24 hours.

Granite Bank: No new indicators for this company in the past 24 hours.

Granite State Credit Union: No new indicators for this company in the past 24 hours.

Hemenway Trust Company LLC: No new indicators for this company in the past 24 hours.

Holy Rosary Regional Credit Union: No new indicators for this company in the past 24 hours.

Members First Credit Union of New Hampshire: No new indicators for this company in the past 24 hours.

Meredith Village Savings Bank: No new indicators for this company in the past 24 hours.

Merrimack County Savings Bank: No new indicators for this company in the past 24 hours.

New Hampshire Postal Credit Union: No new indicators for this company in the past 24 hours.

New Hampshire Trust Company: No new indicators for this company in the past 24 hours.

Newport Trust Company: No new indicators for this company in the past 24 hours.

Northeast Credit Union: No new indicators for this company in the past 24 hours.

Northern Trust Corp.: No new indicators for this company in the past 24 hours.

Northway Bank: No new indicators for this company in the past 24 hours.

Peoples Bank: No new indicators for this company in the past 24 hours.

Perspecta Trust LLC: No new indicators for this company in the past 24 hours.

Piscataqua Savings Bank: No new indicators for this company in the past 24 hours.

Primary Bank: No new indicators for this company in the past 24 hours.

Profile Bank: No new indicators for this company in the past 24 hours.

Salem Cooperative Bank: No new indicators for this company in the past 24 hours.

Savings Bank of Walpole: No new indicators for this company in the past 24 hours.

Service Credit Union: No new indicators for this company in the past 24 hours.

St. Mary's Bank: No new indicators for this company in the past 24 hours.

Sugar River Bank: No new indicators for this company in the past 24 hours.

Triangle Credit Union: No new indicators for this company in the past 24 hours.

VantageTrust Company, LLC: No new indicators for this company in the past 24 hours.

Woodsville Guaranty Savings Bank: No new indicators for this company in the past 24 hours.


Botnet_tracker

If your IP address is found in botnet tracker, it means that it was seen in a communication with a malicious endpoint. This does not automatically indicate a malware infection as there are a number of reasons why two IP addresses might communicate. The traffic should first be inspected before escalating to incident responders.

Keylogger

A keylogger hit means your domain or IP address appeared in a keylogger output file. This would mean one of the following things: 1) Keylogger malware is running on your network. 2) A username and password belonging to an employee was captured by a keylogger. 3) An email address was observed in clipboard data on an infected computer, for example when somebody cut and pasted an email address belonging to your organization. The raw source data must first be investigated to determine the course of action.

Malicious Emails

If your domain or IP address shows up in this collection, it means it was observed in the header of an email that has been identified as malicious (1 or more AV detections). The raw email should be inspected to see whether it was sent to or from your organization, or whether it was spoofed using your organization's data. It should be noted that some AV vendors classify emails as malicious when they are actually benign. Malicious email hits only indicate targeting, not malware infections.

Pastebin

A pastebin hit simply means your information was observed in a paste on pastebin.com. There are numerous reasons information would be contained in a paste – some malicious and some benign. Each pastebin hit must be individually analyzed to determine context.

Sinkhole data

A sinkhole hit means your IP was observed in weblogs from our sinkhole server. Similar to the botnet_tracker hits, it only means that communication was observed. The nature of that communication needs to be determined from the raw sinkhole record. If the sinkhole hit is a result of a malware infection, then the information should be referred to incident responders.

Breach Data

Breach data hits are from public database leaks. Depending on the nature of the leaked database, exposed information may vary from just email addresses to username and password combinations and other personally identifiable information. RedXray contains the raw breach data so you can easily see what type of data has been exposed. If the breach data contains passwords, then Wapack Labs recommends enforcing a password reset and investigating whether there has been unauthorized access of the account.

Threat Recon

Threat recon consists of both primary sourced indicators and open sourced indicators from dozens of sources. Each hit from this collection should be individually analyzed as each source has different context. Threat recon records contain references to the original source.