Comments on Carnal0wnage Blog: APT Ransomware

dre (2016-07-11):

A few secondary actors behind ransomware include the ESXi-targeting group named the Russian Guardians, as well as the JBoss-targeting group behind -- http://blog.talosintel.com/2016/03/samsam-ransomware.html

Both of these utilize lateral movement for expansion of their operations. Goonky leadership was probably arrested and the threat community at least partially disbanded -- http://blog.talosintel.com/2016/07/lurk-crimeware-connections.html -- seeing Angler EK delivering an eventuality of CryptXXX and TeslaCrypt all but disappearing completely. However, also quickly being replaced.

Which actor was it who was using GPOs for delivery? I can't find a source.

dre (2016-06-09):

@ Memoirs: Yes, the primary actor behind ransomware is named Goonky aka VirtualDonna aka Sadclowns. Primarily tracked publicly by TrendMicro, RiskIQ, and ProofPoint. There are links to the pseudo-DarkLeech actors.

rageltman, http://github.com/sempervictus (2016-03-26):

Another option to consider for change in tactics and motivation is that the original actors lost control of their CNC by compromise. This is why I wrote all the SSL shells for msf - red team is often the biggest commsec offender due to time constraint and arrogance.

Memoirs of a College student (2016-03-22):

Is there a name for this APT group yet, or is it a formally declared operation?

dre (2016-03-16):

My theory is that this is the way that cyber risk works, and will continue to work.

In my cyber common operating model (Cyber COM), adversaries will work against responders (and vice versa -- and even each other) using the game theory system known as the Stag Hunt (or a similar cooperative model). In the four quadrants of the model, e-crime takes spot 1 (as a COP or common operating picture, of which there are 4), ranging from ID theft to cyber extortion including ransomware. Spot 2 is cyber espionage, classically state actors ranging from value-chain subversion to IP theft. Quadrant 3 is reserved for cyber sabotage, ranging from disruption of services (which, as this is the center of the model, also falls directly in line with ransomware as a well e-crime-driven DoS/DDoS) and terminating in destruction. This is why you will see a mix of state, sub-state, and non-state actors converging in the center of the model (especially when they consistently win the game). The last quadrant of the model is also reserved for mostly sub-state actors and signals with loss of limb while terminating in loss of life.

I've been using the model to forecast and explain events such as the one we've seen for over 3 years now. When I can turn the model computational, then we'll start to gain situational understanding with clear courses of action. Please let me know if you are interested, I actually have a framework and know of several platforms to fit the bill.