Thursday, August 8, 2019

Wapack Labs REDXRAY Threat Report (21 companies with new threats)

National Defense Transportation

REDXRAY Threat Report

All hits in this notification should be investigated by an analyst before being actioned or blocked. For more information, please contact Wapack Labs at 888-733-9729.

Abraham LLC

Botnet Tracker - 0 Breach Data - 5384 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Accenture

Botnet Tracker - 0 Breach Data - 12 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Aegis Strategies LLC

Botnet Tracker - 0 Breach Data - 214850 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Agency & NW Regional President

Botnet Tracker - 0 Breach Data - 26 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Crane Worldwide Logistics

Botnet Tracker - 0 Breach Data - 4 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

DHL Global Forwarding

Botnet Tracker - 0 Breach Data - 10 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

HQ USTRANSCOM/J4-LT

Botnet Tracker - 0 Breach Data - 1470 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Military Sealift Command

Botnet Tracker - 0 Breach Data - 16 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Oracle

Botnet Tracker - 0 Breach Data - 26 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

PricewaterhouseCooper

Botnet Tracker - 0 Breach Data - 20 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Radiant Global Logistics

Botnet Tracker - 0 Breach Data - 10892 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 208 Sinkhole Traffic - 0 ThreatRecon Records - 0

State Department

Botnet Tracker - 0 Breach Data - 4 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

The Boeing Company

Botnet Tracker - 0 Breach Data - 16 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

USTRANSCOM

Botnet Tracker - 0 Breach Data - 574 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 4 Sinkhole Traffic - 0 ThreatRecon Records - 0

Uber Technologies, Inc.

Botnet Tracker - 0 Breach Data - 2134 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 1

Union Pacific Railroad

Botnet Tracker - 0 Breach Data - 2 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

United Airlines

Botnet Tracker - 0 Breach Data - 2 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 0 Sinkhole Traffic - 0 ThreatRecon Records - 0

Wounded Warrior Project

Botnet Tracker - 0 Breach Data - 5548 Keylogger Records - 0 Malicious Emails - 0 Malicious Emails Context- 0 Malicious Email Detections- 0 Pastebin - 99 Sinkhole Traffic - 0 ThreatRecon Records - 0

Botnet_tracker

If your IP address is found in botnet tracker, it means that it was seen in a communication with a malicious endpoint. This does not automatically indicate a malware infection as there are a number of reasons why two IP addresses might communicate. The traffic should first be inspected before escalating to incident responders.

Keylogger

A keylogger hit means your domain or IP address appeared in a keylogger output file. This would mean one of the following things: 1) A keylogger malware is running on your network. 2) A username and password belonging to an employee was captured by a keylogger. 3) An email address was observed in clipboard data on an infected computer. For example somebody cut and paste an email address belonging to your organization. The raw source data must first be investigated to determine course of action.

Malicious Emails

If your domain or IP address shows up in this collection, it means it was observed in the header of an email that has been identified as malicious (1 or more AV detection). The raw email should be inspected to see whether it was sent to or from your organization, or if it was spoofed using your organizations data. It should be noted that some AV vendors classify emails as malicious when they are actually benign. All malicious emails hits only indicate targeting, not malware infections.

Pastebin

A pastebin hit simply means your information was observed in a paste on pastebin.com. There are numerous reasons information would be contained in a paste – some malicious and some benign. Each pastebin hit must be individually analyzed to determine context.

Sinkhole data

A sinkhole hit means your IP was observed in weblogs from our sinkhole server. Similar to the botnet_tracker hits, it only means that communication was observed. The nature of that communication needs to be determined from the raw sinkhole record. If the sinkhole hit is a result of a malware infection, then the information should be referred to incident responders.

Breach Data

Breach data hits are from public database leaks. Depending on the nature of the leaked database, exposed information may vary from just email addresses, to username and password combinations and other personally identifiable information. RedXray contains the raw breach data so you can easily see what type of data has been exposed. If the breach data contains passwords then Wapack Labs recommends enforcing a password reset and investigating whether there has been unauthorized access of the account.

Threat Recon

Threat recon consists of both primary sourced indicators and open sourced indicators from dozens of sources. Each hit from this collection should be individually analyzed as each source has different context. Threat recon records contain references to the original source.