Threat Brief: WanaCrypt0r– What We Know

This Unit 42 blog provides an update on the threat situation surrounding the WanaCrypt0r ransomware attacks. It also well as information on the adversary playbook this attack uses.

Campaign Evolution: EITest from October through December 2016

EITest is a name originally coined by Malwarebytes Labs in 2014 to describe a campaign that uses exploit kits (EKs) to deliver malware. Until early January 2016, “EITest” was used as a variable name in the attacker’s malicious injected script in pages on legitimate websites compromised by this campaign. While the variable name is gone,

Campaign Evolution: pseudo-Darkleech in 2016

Darkleech is long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of malware during the past few years. We reviewed the most recent iteration of this campaign in March 2016 after it had settled into a pattern of distributing ransomware.

Afraidgate: Major Exploit Kit Campaign Switches from CryptXXX Ransomware Back to Locky

By mid-July 2016, the Afraidgate campaign stopped distributing CryptXXX ransomware. It is now distributing the “.zepto” variant of Locky. Afraidgate has been using Neutrino exploit kit (EK) to distribute malware after Angler EK disappeared in early June 2016. As we previously reported, this campaign continues to utilize gate domains using name servers from afraid.org.

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on