We are thankful that so many companies and individual researchers take the time to publish articles about the latest threats. And when they share IOCs, it’s even better! We’ve put together some of our favorites from March and April 2018. Enjoy.

DNS Poisoning and How To Prevent It

Source: AlienVault

DNS poisoning. The name alone conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Read more.

GhostMiner: Cryptomining Malware Goes Fileless

Source: Minerva

This post describes a recent attack Minerva’s research team dissected, dubbed GhostMiner, after our solution prevented this infection at a customer site. Read more.

TrickBot Banking Trojan Gets Screenlocker

Source: Bleeping Computer

The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware’s operators might soon start holding victims for ransom if infected targets don’t appear to be e-banking users. Read more.

Pop-up Ads and Sites Distributing Botnets, Cryptocurrency Miners and Ransomware

Source: Trend Micro

The Trend Micro Cyber Safety Solutions team has been tracking a potentially unwanted app (PUA) distribution campaign that installs PUA software downloaders. Read more.

YARA Rules for Finding and Analyzing in InfoSec

Source: AlienVault

The minute any equation I’m working on comes down to “finding” or “analyzing”, I know what to reach for and put to use. It’s YARA. Read more.
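To make the “finding” half of that concrete, here is a small illustrative YARA rule. It is an added example for this roundup, not a rule from the AlienVault article or from any of the vendors above, and the strings it looks for (a PowerShell download cradle and an encoded command switch) are generic patterns chosen for illustration, not indicators taken from any of the campaigns linked on this page.

```yara
rule Example_PowerShell_Download_Cradle
{
    meta:
        description = "Illustrative rule: file containing a PowerShell download-and-execute cradle"
        author      = "added example for this roundup; not from the linked article"
        reference   = "generic pattern, not an IOC from any campaign on this page"

    strings:
        // Invocation of PowerShell itself (ASCII or UTF-16, case-insensitive)
        $ps         = "powershell" ascii wide nocase
        // Base64-encoded command switch, long and short forms
        $enc_long   = "-EncodedCommand" ascii wide nocase
        $enc_short  = /-e(nc)?\s+[A-Za-z0-9+\/=]{20,}/ ascii wide nocase
        // Classic download cradle pieces
        $webclient  = "Net.WebClient" ascii wide nocase
        $dlstring   = "DownloadString(" ascii wide nocase
        $iex        = "IEX" ascii wide nocase
        $iex_long   = "Invoke-Expression" ascii wide nocase
        // Policy bypass often paired with the above
        $bypass     = "-ExecutionPolicy Bypass" ascii wide nocase

    condition:
        // Keep the scan cheap: skip very large files
        filesize < 5MB and
        $ps and
        (
            // encoded payload handed straight to powershell
            ($enc_long or $enc_short) or
            // fetch a script over HTTP and execute it in memory
            ($webclient and $dlstring and ($iex or $iex_long)) or
            // bypass switch together with any download primitive
            ($bypass and $dlstring)
        )
}
```

Save it as `cradle.yar` and run `yara -r cradle.yar /path/to/scan` to sweep a directory; `yara -s` additionally prints the matching strings and their offsets, which is the “analyzing” half. Expect some noise from legitimate administration scripts that use `-EncodedCommand`, so treat a hit as a triage lead rather than a verdict.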

How to create a ‘gold standard’ intelligence program

Source: CSO

While no two intelligence programs are exactly alike, the most effective ones do share certain foundational components and team member skill sets. Read more.

Over 65,000 Home Routers Are Proxying Bad Traffic for Botnets, APTs

Source: Bleeping Computer

Botnet operators and cyber-espionage groups (APTs) are abusing the Universal Plug and Play (UPnP) protocol that comes with all modern routers to proxy bad traffic and hide their real location from investigators. Read more.

Roaming Mantis uses DNS hijacking to infect Android smartphones

Source: Securelist

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. Read more.

ZLAB Malware Analysis Report: Ransomware-as-a-Service Platforms

Source: Infosec Institute

The rise of the RaaS business model gives wannabe criminals an effortless way to launch a cyber-extortion campaign without any technical expertise, and it is flooding the market with new ransomware strains. Read more.