Data Mining and Visualizing My Old GMail Account - An Analysis

November 16, 2022

Dear blog readers,

I've decided to touch base with everyone and share a screenshot that demonstrates a data-mined visualization of my old GMail account, for which I'm currently using a proprietary solution to figure out how different connections with friends and colleagues circa 2008-2013 really worked out in terms of achievements and productivity.

Stay tuned!


Sample Photos from My Cyber Security Talks Bulgaria Presentation - An Analysis

November 16, 2022

Dear blog readers,

I've decided to share some personal photos from my Cyber Security Talks Bulgaria presentation, which is quite an outstanding event with an interesting and good audience, where I had the privilege to meet and socialize with fellow researchers and experts and to give an outstanding presentation.
Sample photos include:
Sample presentation slides include:

Stay tuned!

SmokeLoader Themed Malware Serving Campaign Spotted in the Wild - An Analysis

November 15, 2022

Dear blog readers,

I've decided to share with everyone some technical details behind a currently circulating malicious software serving campaign that's dropping a SmokeLoader variant on the targeted host and is using a variety of C&C server domains for communication with the malicious attackers.

Sample screenshots include:

Sample campaign structure:

MD5: ccaf26afe7db068aa11331f6c5af14d8

hxxp://host-file-host6.com - 34.106.70.53

hxxp://host-host-file8.com

Sample related responding IPs known to have been involved in the campaign include:

hxxp://176.124.221.9

hxxp://23.48.95.144

hxxp://45.91.8.70

hxxp://185.144.28.175

hxxp://31.44.185.182

hxxp://8.209.65.68

hxxp://45.134.27.228

hxxp://2.16.165.19

hxxp://185.251.89.108

hxxp://195.186.210.241

Stay tuned!

Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis

November 15, 2022

Dear blog readers,

In this post I've decided to further profile a currently circulating malicious software and njRAT malware dropping campaign that's using a popular port forwarding solution as a C&C server with the idea to provide everyone with the necessary situational awareness and technical details regarding the campaign.

Sample campaign C&C and associated domains analysis:

MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp://enderop44-36084.portmap.host - 193.161.193.99 
URL: hxxp://www.cofo.ga/a/KeyOneA.exe
Botnet C&C: hxxp://cofo.ga - hxxp://52.70.248.161; hxxp://193.161.193.99

Sample screenshots include:

Sample VirusTotal Graph regarding the malicious campaign:

Stay tuned!

Profiling the Limbo Crimeware Malicious Software Release - An Analysis

November 03, 2022

NOTE:

These screenshots were obtained in 2009 courtesy of me while doing research.

An image is worth a thousand words.

Sample screenshots include:

Stay tuned!


Profiling the ZeusEsta Managed ZeuS Crimeware Hosting Service - An Analysis

November 03, 2022

Dear blog readers,

Back in 2009 I came across a pretty interesting, easy-to-use and sophisticated ZeuS crimeware managed hosting service, which was basically enticing users into becoming customers of a managed ZeuS crimeware service that offered them everything they needed to enter the world of cybercrime through specific managed crimeware releases.

Sample URL known to have been involved in the campaign includes:
hxxp://zeuspanel.name - 94.102.56.63

Stay tuned!