Threat Research & Adversary Prevention Unit

March 23, 2017
Protecting Against Shamoon 2 and Stonedrill: In the Crossfire of Geopolitics and Wiper Malware

At the end of January, Saudi Arabia’s telecom authority issued an alert warning about Shamoon 2, a wiper malware that hit several organizations, including three government agencies and four private sector companies.

March 06, 2017
Dropping AtomBombs: Detecting DridexV4 in the Wild

Banking trojans have been around for years, but gained greater visibility in 2015 and into 2016 as they moved from targeting European banks to American banks. We previously discussed the Odinaff banking trojan, which was responsible for the SWIFT attacks, and the theft of close to $1 billion.

February 09, 2017
World, Meet MalwareScore

Sharing ideas, tools, and techniques among our community of defenders makes everyone sharper and safer.

January 20, 2017
Artemis: An Intelligent Assistant for Cyber Defense

You’ve used them for directions, to order pizza, to ask about the weather. You’ve called them by their names Siri, Alexa, Cortana... You speak to them like you know them, like they can understand you. Why? Because they usually can. Intelligent assistants are on the rise and increasingly supporting our lives. In large part, this is driven by the user’s desire for ever more efficient querying and frictionless action. Instead of muddling through bloated interfaces, simply speaking or typing your queries or commands through a bot is often easier, faster, and seamless.

January 17, 2017
Dude! Where's my Ransomware?: A Flare-On Challenge

There are many tricks to the tradecraft when analyzing unknown binaries, and it requires constant honing of skills to stay on top of the latest malware and campaigns. Solving reverse-engineering challenges is one way to keep your skills sharp. In our previous post, we discussed some tips from the Flare-On Challenge.

January 06, 2017
Reflections on Grizzly Steppe

On December 29, 2016, the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint analysis report (JAR) detailing, in their words, “tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities”.

Veris Group’s Adaptive Threat Division Partners with Endgame to Enhance Threat Hunting Capabilities Against Advanced Attackers

ATD to leverage Endgame’s signature-less malware detection and automated hunt to close protection gap with greater speed and accuracy for customers
November 18, 2016
Using Deep Learning to Detect DGAs

Long Short-Term Memory networks - a form of deep learning - are a basic yet powerful approach for detecting domain generation algorithms. We introduce this machine learning approach and how we implement it to detect DGAs at scale.

November 09, 2016
0 to 31337 Real Quick: Lessons Learned by Reversing the FLARE-On Challenge

We recently successfully completed the FLARE-On Challenge, and are passing along some lessons learned and tips for getting started so you too can compete next year.

November 08, 2016
Endgame Research @ AISec: Deep DGA

At this year's AISec conference, data scientist Bobby Filar presented co-authored work titled DeepDGA: Adversarially-Tuned Domain Generation and Detection. It was quickly evident that more conferences which focus on the intersection of machine learning and infosec are desperately needed.
