Ongoing Campaigns

Bad Rabbit Ransomware continues to spread
> Initially targeting Russia and Ukraine, Bad Rabbit now reportedly infected entities in more countries including Turkey, Bulgaria and the US.
> Researchers continue to debate on the relationship between Bad Rabbit and the NotPetya trojan, with many claiming that the former is a new variant of the latter. This theory is based on similarities including the fact that they both use SMB to spread, create scheduled tasks to reboot the system, and share some seemingly identical functionality and code.

Increased activity observed from the Terror Exploit Kit
> According to Zscaler, Terror EK redirects are currently seen in the form of fake advertisement pop-ups on topics such as fat loss and how to quit smoking. These use an obfuscated JS script to initiate the infection process.  
> Terror EK is targeting two vulnerabilities: CVE-2016-0189 which is a scripting engine memory corruption vulnerability in Jscript, and the VBScript engine used in Internet Explorer; and CVE-2014-6332, a Windows OLE automated array remote code execution flaw in Windows.
> The main payload delivered by Terror EK is the Smoke Loader downloader trojan family.

New phishing scam targets Ethereum users
> The campaign is spreading via emails posing as notifications from the Ethereum wallet site Myetherwallet[.]com regarding an update for an upcoming hard fork.
> The emails contain a link to a phishing site attempting to trick users into providing their wallet passwords. If successful, the attackers can access the victim’s wallet and transfer the coins it contains to their own.
> The attackers have allegedly managed to steal at least $12,500 during the scam so far.
Source –   



SecureDrop patches information leak vulnerability
> SecureDrop is a system for whistleblowers and sources to anonymously submit tips to news outlets.
> On the October 16th a bug was discovered in the system which could allow an attacker with network access to perform a Man-In-The-Middle attack, connect to a server and perform remote code execution.
> According to SecureDrop the bug would be very difficult to leverage and there is no evidence that it has been exploited by attackers.


General News

Kaspersky responds to reports claiming its software was used by hackers to steal NSA data
> The WSJ recently reported that Russia-based hackers used Kaspersky software to gain access to NSA data stored on the personal computer of an NSA contractor in 2015, either with or without the firm’s knowledge. Kaspersky has now released preliminary findings from an investigation it launched to examine these claims.
> The report claims that the contractor intentionally disabled Kaspersky antivirus software on their computer to install a pirated version of the Microsoft Office software. This turned out to be infected with a malware dubbed Backdoor.Win32.Mokes.hvl.
> Once the AV software was reactivated, it detected the malware and initiated a scan which also detected the NSA source code stored on the contractor’s computer. The CEO of Kaspersky was alerted to the existence of this data and it was subsequently deleted from the company’s systems.

Flashpoint reports on sale of compromised Remote Desktop Protocol (RDP) servers on the dark web
> RDP access credentials provide cybercriminals with a convenient entry into corporate networks. Flashpoint claims that these are increasingly being sold on the dark web for as little as $3 as a result.
> Ultimate Anonymity Services is one of the most popular stores selling RDP access. It was founded in early 2016 and offers over 35,000 RDP credentials for sale in several countries and for multiple Windows operating systems.


The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

This website uses cookies.
See our privacy policy at