Fox stealer: another Pony Fork
[Image: Gift for SweetTail-Fox-mlp by Mad-N-Monstrous]
Small data drop about another Pony fork: Fox stealer. First sample of this malware I saw was at the beginning of September 2016 thanks to Malc0de. After...

RIG evolves, Neutrino waves goodbye, Empire Pack appears
Around the middle of August many infection chains transitioned to RIG with more geo-focused bankers and less CryptXXX (CryptMic) Ransomware.
[Picture 1: Select Drive-by landscape - Middle of August...]

CVE-2016-7200 & CVE-2016-7201 (Edge) and Exploit Kits
CVE-2016-7200 & CVE-2016-7201 are vulnerabilities in the Chakra JavaScript scripting engine in Microsoft Edge. Reported by Natalie Silvanovich of Google Project Zero, those have been fixed in...

Bye Empire, Hello Nebula Exploit Kit.
[Image: Nebula Logo]
While Empire (RIG-E) disappeared at the end of December after 4 months of activity
[Illustration of the last month of witnessed Activity for Empire]
on 2017-02-17 an advert for a new exploit...

CoalaBot: http Ddos Bot
CoalaBot appears to be built on August Stealer code (Panel and Traffic are really alike). I found it spread as a task in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds...

The King of traffic distribution
Disclaimer: This post is hosted here as a courtesy to the author who prefers to remain anonymous. MDNC was not involved in any way with this study.
Introduction
EITest is one of the longest malicious...

CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits
CVE-2018-4878 is a bug that allows remote code execution in Flash Player up to 28.0.0.137, spotted in the wild as a 0day, announced by the South Korean CERT on the 31st of January. Patched on...

CVE-2018-8174 (VBScript Engine) and Exploit Kits
CVE-2018-8174 is a bug that allows remote code execution in the VBScript Engine. Found exploited in the wild as a 0day via Word documents, announced by Qihoo360 on April 20, 2018, patched by...

CVE-2018-15982 (Flash Player up to 31.0.0.153) and Exploit Kits
CVE-2018-15982 is a bug that allows remote code execution in Flash Player up to 31.0.0.153, spotted in the wild as a 0day. Patched on December 05, 2018 with APSB18-42.
Underminer:
Underminer exploit...

Choose Again.
This is the last post/activity you'll see on MDNC. I have now chosen to bring the MDNC (Blog/Kafeine/MISP) project to an end. Thanks to those who helped me during this incredible 8 years journey. The...