Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin

Gitpaste-12 is a new worm recently discovered by Juniper Threat Labs, which uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available. There

Share
Juniper’s Attacker IP feed bolsters threat protection with SecIntel

Juniper Threat Labs (JTL) has a network of sensors throughout the world that we use to monitor cyber security threats. These threats can range from Brute Force attacks against logins,

Share
New pastebin-like service used in multiple malware campaigns

Juniper Threat Labs identified several malware campaigns that rely on a pastebin-like service for its infection chain. The domain in question is paste.nrecom.net. The attacks usually start as a phishing

Share
Priority threat actors  adopt Mirai source code

Mirai has become such a common discovery in the wild that it is beginning to be disregarded as white noise, played off as a simple attack that should be readily

Share
Zeppelin Ransomware returns with a fresh wave of attacks

IT and healthcare providers were targeted in late 2019 by a new ransomware campaign calling itself Zeppelin, a variant of the Buran ransomware-as-a-service family. According to researcher Vitali Kremez, Zeppelin

Share
The evolving use of Shellshock and Perlbot to target Webmin

Juniper Threat Labs has observed attackers exploiting older versions of Webmin using the Shellshock vulnerability to deploy Perlbot malware.

Share
IcedID Campaign Strikes Back

In our previous blog about IcedID, we  explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors took advantage

Share
COVID-19 and FMLA Campaigns used to install new IcedID banking malware

  Juniper Threat Labs has been monitoring a campaign that pushes a new IcedID banking trojan. This new campaign changes tactics by injecting into msiexec.exe to conceal itself and use

Share
IoT botnet exploiting TVT Shenzhen DVRs still lingers

Juniper Threat Labs has been monitoring an IoT botnet that has been active in the wild since October 2, 2019. It exploits a vulnerability in Shenzhen TVT DVR NVMS-9000. The

Share
Breadsecurity looking to make some dough off your router

Earlier in February, Juniper Threat Labs started to see a variant of Mirai attacks with an attempt to download a MIPS executable file to SOHO routers. We have seen Huawei

Share