15 min
Managed Detection and Response (MDR)
Ongoing Malvertising Campaign Leads to Ransomware
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking the ad leads to typosquatted domain names.
7 min
Research
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
In the first part of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In the second part of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
10 min
Malware
Stories from the SOC Part 1: IDAT Loader to BruteRatel
Rapid7's Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections.
7 min
Velociraptor
How to Hunt for UEFI Malware Using Velociraptor
UEFI threats have historically been limited in number and mostly implemented by
nation state actors as stealthy persistence. However, the recent proliferation
of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and
Glupteba (November 2023) indicates that this historical trend may be changing.
With this context, it is becoming important for security practitioners to
understand visibility and collection capabilities for UEFI threats
[http://yxnbtp.whxykj.net/info/understanding
3 min
Threat Intel
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.
12 min
Malware
Infostealer Malware Masquerades as a Windows Application
Rapid7's Managed Detection and Response (MDR) team recently identified a malware campaign whose payload installs itself as a Windows application.
5 min
News
Update on SolarWinds Supply-Chain Attack: SUNSPOT, SUNSHUTTLE and New Malware Family Associations
New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.
3 min
Malware
BadRabbit Ransomware Attack: What You Need to Know
What’s Up?
Rapid7 has been tracking reports of an expanding ransomware campaign dubbed
BadRabbit. Russian news outlets and other organizations across Europe have
reported being victims of this malware and the “outbreak” is continuing to
spread.
The BadRabbit attackers appear to have learned some lessons from previous
outbreaks earlier this year and have both limited the external spreading
capabilities of the ransomware as well as made the payments a bit harder for
researchers, responders, and au
6 min
Malware
The CIS Critical Controls Explained - Control 8: Malware Defenses
This is a continuation of our CIS critical security controls
[/2017/04/19/the-cis-critical-security-controls-series] blog series.
Workstations form the biggest threat surface in any organization. The CIS
Critical Security Controls
[http://yxnbtp.whxykj.net/fundamentals/cis-critical-security-controls/] include
workstation and user-focused endpoint security in several of the controls, but
Control 8 (Malware Defenses) is the only control to strictly focus on antivirus
and malware across the entire organization
3 min
Incident Detection
Introspective Intelligence: Understanding Detection Techniques
To provide insight into the methods devised by Rapid7, we'll need to revisit the
detection methods implemented across InfoSec products and services and how we
apply data in different ways. Rapid7 collects a large amount of threat intelligence on a daily
basis - from new penetration testing tools, tactics, and procedures in
Metasploit, vulnerability detections in Nexpose, and user behavior anomalies in
InsightIDR. By continuously generating, refining, and applying threat
intelligence, we enable stronger
3 min
Malware
Malware and Advanced Threat Protection: A User-Host-Process Model
In today's big data and data science age, you need to think outside the box when
it comes to malware and advanced threat protection. For the Analytic Response
team at our 24/7 SOC in Alexandria, VA, we use three levels of user behavior
analysis to identify and respond to threats. The model is defined as
User-Host-Process, or UHP. Using this model and its supporting datasets allows
our team to quickly neutralize and protect against advanced threats with a high
confidence rate.
What is a User
3 min
Malware
Ransomware FAQ: Avoiding the Latest Trend in Malware
Recently, a number of Rapid7's customers have been evaluating the risks posed by
the rapid rise of ransomware as an attack vector. Today, I want to address
some of the more common concerns.
What is ransomware?
Cryptowall [http://www.theregister.co.uk/2015/11/09/cryptowall_40/] and
Cryptolocker [http://www.us-cert.gov/ncas/alerts/TA13-309A] are among the
best-known ransomware today. In most cases, users are
afflicted with ransomware after clicking a phishing link
2 min
Malware
What Exactly Is Duqu 2.0?
Overview:
Duqu, a very complex and modular malware platform thought to have gone dark in
late 2012, has made its appearance within the environment of Kaspersky Labs.
[http://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237]
Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware
represents a high level of sophistication, skill, funding and motivation seen by
nation-sponsored actors. Infections related to this malware have been uncovered
9 min
Malware
ByeBye Shell and the Targeting of Pakistan
Asia and South Asia are a theater for daily attacks and numerous ongoing
espionage campaigns between neighboring countries, so many campaigns that it's
hard to keep count. Recently, I stumbled upon another one, which appears to
have been active since at least the beginning of the year, and seems mostly
aimed at Pakistani targets.
In this article we're going to analyze the nature of the attacks, the
functionality of the backdoor - here labelled as ByeBye Shell - and the quick
interaction I h
15 min
Malware
Skynet, a Tor-powered Botnet from Reddit
While wandering through the dark alleys of the Internet we encountered an
unusual malware artifact, something that we never observed before that kept us
meticulously dissecting it late into the night.
The more we spent time looking at it, the more it started to look unusually
familiar. As a matter of fact it turned out being the exact same botnet that an
audacious Reddit user of possible German origin named “throwaway236236”
described in a very popular IAmA thread, which you can read here
[