We are thankful that so many companies and individual researchers take the time to publish articles about the latest threats. And when they share IOCs, it’s even better! We’ve put together some of our favorites from March and April. Enjoy.

DNS Poisoning and How To Prevent It

Source: Alien Vault

DNS poisoning. Simply the name conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Read more.

GhostMiner: Cryptomining Malware Goes Fileless

Source: Minerva

This post describes a recent attack Minerva’s research team dissected, dubbed GhostMiner, after our solution prevented this infection at a customer site. Read more.

TrickBot Banking Trojan Gets Screenlocker

Source: Bleeping Computer

The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware’s operators might soon start holding victims for ransom if infected targets don’t appear to be e-banking users. Read more.

Pop-up Ads and Sites Distributing Botnets, Cryptocurrency Miners and Ransomware

Source: Trend Micro

The Trend Micro Cyber Safety Solutions team has been tracking a potentially unwanted app (PUA) distribution campaign that installs PUA software downloaders. Read more.

YARA Rules for Finding and Analyzing in InfoSec

Source: Alien Vault

The minute any equation I’m working on comes down to “finding” or “analyzing”, I know what to reach for and put to use. It’s YARA. Read more.

How to create a ‘gold standard’ intelligence program

Source: CSO

While no two intelligence programs are exactly alike, the most effective ones do share certain foundational components and team member skill sets. Read more.

Over 65,000 Home Routers Are Proxying Bad Traffic for Botnets, APTs

Source: Bleeping Computer

Botnet operators and cyber-espionage groups (APTs) are abusing the Universal Plug and Play (UPnP) protocol that comes with all modern routers to proxy bad traffic and hide their real location from investigators. Read more.

Compromised Magento Sites Delivering Malware

Source: Flashpoint

Read more.