Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


CoalaBot : http Ddos Bot

Malware don't need Coffee - 16 October, 2017 - 11:01


CoalaBot appears to be built on August Stealer code (Panel and Traffic are really alike).

I found it spread as a task in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds malvertising.

2017-09-11: a witnessed infection chain to CoalaBot

A look inside:

CoalaBot: Login Screen (August Stealer alike)
CoalaBot: Statistics
CoalaBot: Bots
CoalaBot: Tasks
CoalaBot: New Task (list)
CoalaBot: https get task details
CoalaBot: http post task details
CoalaBot: Settings

Here is the translated associated advert published on 2017-08-23 by a user going with nick: Discomrade.
(Thanks to Andrew Komarov and others who provided help here).
------------------------------------------
Coala Http Ddos Bot
The software focuses on L7 attacks (HTTP). Lower levels have more primitive attacks.

Attack types:
• ICMP (PING) FLOOD
• UDP FLOOD
• TCP FLOOD
• HTTP ARME
• HTTP GET *
• HTTP POST *
• HTTP SLOWLORIS *
• HTTP PULSE WAVE *
* - Supports SMART mode, i.e. bypasses Cloudflare/Blazingfast and similar services (but doesn’t bypass CAPTCHA). All types except ICMP/UDP have support for using SSL.

Binary:
• .NET 2.0 x86 (100% working capacity WIN XP - WIN 7, on later versions OS .NET 2.0 disabled by default)
• ~100kb after obfuscation
• Auto Backup (optional)
• Low CPU load for efficient use
• Encryption of incoming/outgoing traffic
• No installation on machines from former CIS countries (RU/UA/BL/KZ/...)
• Scan time non-FUD. Contact us if you need a recommendation for a good crypting service.
• Ability to link a build to more than one gate.

Panel:
• Detailed statistics on time online/architecture/etc.
• List of bots, detailed information
• Number count of requests per second (total/for each bot)
• Creation of groups for attacks
• Auto sorting of bots by groups
• Creation of tasks, the ability to choose by group/country
• Setting an optional time for bots success rate

Other:
• Providing macros for randomization of sent data
• Support of .onion gate
• Ability to install an additional layer (BOT => LAYER => MAIN GATE)

Requirements:
• PHP 5.6 or higher
• MySQL
• Module for MySQLi (mysqli_nd); php-mbstring, php-json, php-mcrypt extensions

Screenshots:
• Statistics - http://i.imgur.com/FUevsaS.jpg
• Bots - http://i.imgur.com/nDwl9pY.jpg
• Created tasks - http://i.imgur.com/RltiDhl.png
• Task List - http://i.imgur.com/tqEEpX0.jpg
• Settings - http://i.imgur.com/EbhExjE.jpg

Price:
• $300 - build and panel. Up to 3 gates for one build.
• $20 - rebuild
The price can vary depending on updates.
Escrow service is welcome.
Help with installation is no charge.
------------------------------------------

Sample:

VT link
MD5 f3862c311c67cb027a06d4272b680a3b
SHA1 0ff1584eec4fc5c72439d94e8cee922703c44049
SHA256 fd07ad13dbf9da3f7841bc0dbfd303dc18153ad36259d9c6db127b49fa01d08f

Emerging Threats rules :
2024531 || ET TROJAN MSIL/CoalaBot CnC Activity

Read More:
August in November: New Information Stealer Hits the Scene - 2016-12-07 - Proofpoint

Category: Hacking & Security

Cyberespionage Group Steps Up Campaigns Against Japanese Firms

Threatpost - 14 October, 2017 - 16:00
Researchers unearth new tactics and strategies used by the criminals behind the hacking group known as Bronze Butler.
Category: Hacking & Security

Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

The Hacker News - 14 October, 2017 - 09:24
Remember NotPetya? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of
Category: Hacking & Security

New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

The Hacker News - 14 October, 2017 - 09:03
DoubleLocker—as the name suggests, it locks device twice. Security researchers from Slovakia-based security software maker ESET have discovered a new Android ransomware that not just encrypts users’ data, but also locks them out of their devices by changing lock screen PIN. On top of that: DoubleLocker is the first-ever ransomware to misuse Android accessibility—a feature that provides
Category: Hacking & Security

Hackers steal restricted information on F-35 fighter, JDAM, P-8 and C-130

Sophos Naked Security - 13 October, 2017 - 19:48
Hackers gained “full and unfettered access” to a third-party holding restricted information

Hyatt Hit By Credit Card Breach, Again

Threatpost - 13 October, 2017 - 18:33
Hyatt said its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries between March and July this year.
Category: Hacking & Security

Google Busy Removing More Malicious Chrome Extensions from Web Store

Threatpost - 13 October, 2017 - 17:59
Three malicious Chrome extensions spoofing AdBlock Plus were removed from the Chrome Web Store this week.
Category: Hacking & Security

Chris Brook Says Farewell to Threatpost

Threatpost - 13 October, 2017 - 17:00
Staff writer Chris Brook says farewell to Threatpost after eight years on the site. He and Mike Mimoso talk about Threatpost's early days and how the site grew up alongside the security industry.
Category: Hacking & Security

Legacy Office Feature Used In Novel Document Attacks

Threatpost - 13 October, 2017 - 15:00
A forgotten feature in Microsoft Office allows attackers to bypass antivirus scanners and pull off document-based attacks to install malware.
Category: Hacking & Security

Judge slaps down government’s dragnet trawl of 1.3m website users

Sophos Naked Security - 13 October, 2017 - 14:49
DreamHost said the decision "will protect the constitutional rights of innocent internet users worldwide"

7 Top Security Certifications You Should Have in 2017

InfoSec Institute Resources - 13 October, 2017 - 14:25

Modern organizations are facing more security threats than ever before. Data breaches and systematic hacks of company resources are becoming more frequent, and there are no signs of this trend slowing down. Generalized approaches to system security no longer provide sufficient protection against increasingly sophisticated threats, and qualified security professionals to combat these threats are […]

7 Top Security Certifications You Should Have in 2017 was first posted on October 13, 2017 at 7:25 am.
Category: Hacking & Security

Google embarrassed by fake adblocker that served ads

Sophos Naked Security - 13 October, 2017 - 13:13
The malware, posing as popular adblocker Adblock Plus, made it past Google Web Store's security checks

What is a firewall?

LinuxSecurity.com - 13 October, 2017 - 11:53
LinuxSecurity.com: Network-based firewalls have become almost ubiquitous across US enterprises for their proven defense against an ever-increasing array of threats.
Category: Hacking & Security

500 million PCs are being used for stealth cryptocurrency mining online

LinuxSecurity.com - 13 October, 2017 - 11:52
LinuxSecurity.com: A new report suggests hundreds of websites have taken The Pirate Bay's lead and are now using visitor PCs to mine cryptocurrency without the consent of users.
Category: Hacking & Security

Scam Alert: Your Trusted Friends Can Hack Your Facebook Account

The Hacker News - 13 October, 2017 - 10:21
If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they've added you as one of their 'Trusted Contacts'—just don’t blindly believe it. Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook
Category: Hacking & Security

Equifax website hit by malvertising – will the pain never end?

Sophos Naked Security - 13 October, 2017 - 03:31
The proverb "it never rains but that it pours" could have been written for Equifax - this time, malvertising.

Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns

Threatpost - 12 October, 2017 - 20:53
Researchers say in a 30-day period cybercriminals behind the Locky ransomware have updated the malware three times and have stepped up spam campaigns.
Category: Hacking & Security

Equifax Takes Down Compromised Page Redirecting to Adware Download

Threatpost - 12 October, 2017 - 18:32
Equifax has temporarily taken down one of its consumer-facing credit report services after the webpage was compromised and serving adware via a phony Flash Player download.
Category: Hacking & Security

Mr Robot season 3 episode Eps3.0_Power-Saver-Mode.H – the security review

Sophos Naked Security - 12 October, 2017 - 17:56
We take a look at the security concepts in the Mr Robot season 3 premiere.

Report from the Virus Bulletin 2017 Conference [Chet Chat Podcast 263]

Sophos Naked Security - 12 October, 2017 - 16:18
The Chet Chat podcast is back - enjoy!