Satan Ransomware used in Multi-Platform Cryptomining and Ransomware Campaign

Juniper Threat Labs has been monitoring a campaign that delivered multiple stages of malware to install a cryptocurrency miner and ransomware. On March 16, 2019, we identified a surge in

Anatomy of the Bulehero Cryptomining Botnet

Juniper Threat Labs recently discovered an attack campaign that installs a cryptominer and spreads throughout the network. This campaign is interesting as one of its techniques is to use the infamous

HoneyProcs: Going Beyond Honeyfiles for Deception on Endpoints

Deploying detection solutions on an endpoint host comes with constraints – limited availability of CPU, memory, disk and other resources, stability constraints, policy adherence and restrictions, the need to be

Virobot Ransomware

Juniper Threat Labs has been monitoring the activity of a botnet, which is now being referred to as ViroBot by TrendMicro in their blog, and would like to share additional

Kronos – The Banking Chronicle

The Kronos banking malware family was first known to be sold in the underground market in 2014. It surfaced again in mid-2017 after being dormant for some time. Then, in

New Worm Leverages Open Source Tools and GitHub to Build its Botnet

On September 19, 2018, Juniper Threat Labs discovered a new wave of attacks from a cryptominer worm targeting Linux servers, home networking devices, and IoT devices. These attacks were bundled

The Gozi Sleeper Cell

Co-Authors: Anoop Saldanha and Paul Kimayong

Gozi, also known as Ursnif, is a well-known banking malware. Many variants of the malware family were identified in different attacks after its source

VPNFilter: a global threat beyond routers

When first publicly announced on May 23, the threat dubbed VPNFilter was thought to only infect some brands of home routers and Network Attached Storage devices. While it was known

VPNFilter: a nation state campaign for surveillance and destruction

VPNFilter is a campaign to compromise small office and home routers as well as Network Attached Storage devices from several popular manufacturers. According to a Cisco Talos blog, there are

Nukebot Banking Trojan targeting people in France

Nukebot (aka TinyNuke, or NuclearBot) made the news in spring of 2017 when the author released the source code in an attempt to restore their/his/her reputation in the cybercrime ….
