Category Archives: Case Studies

A new IoT malware loader: “”

/ marts 9, 2017/ IT Security, IT Security News&Updates/ 0 comments

As usual, it targets ARM-based devices and it tries to download other files (privntpd1, privsshd1, privopenssh1, privbash1, privtftp1, privwget1 etc) via curl or wget (whichever is available on the infected devices). As usual, we suspect this loader to be injected via unauthenticated telnet/hard-coded credentials – although it could be a RCE, but we haven’t found indications about that. As soon

Read More

IoT Malware advances

/ februar 16, 2017/ IoT News&Updates, IoT Security, IT Security, IT Security News&Updates/ 0 comments

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here: In the header(s) you can find some credentials: Xmpp: [email protected] Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: uriede XMPP: [email protected] Changes: Made Date: 7-30-16 And also a

Read More

Google Dork Hacking: “use our awesome search tool…”

/ februar 14, 2017/ IT Security/ 0 comments

“… to find the right candidates” Why would anyone (or anything – as in a software or a web-bot) search for a string like “ “use our awesome search tool to find the right candidates”” on Google? Well, probably to extract some information. Personal Identifiable Information / Sensitive Personal Information? Maybe. For what use? One we can think of: phishing.

Read More

Gr1N – a new malware that also targets IoT devices?

/ februar 8, 2017/ IoT Devices&Security, IoT Security, IT Security, IT Security News&Updates/ 0 comments

While doing some investigations for one of our clients, we came across a (new) malware strain. After some quick investigations, we found out 2 sources (both in C++, a client and a server). They are signed with: // Client.c Made By @Gr1n1337 – // DeepWeb Fourms User Name – Gr1n – // This Client Only Has UDP TCP HTML –

Read More

Google Analytics – no data validation?

/ november 29, 2016/ IT Security, IT Security News&Updates/ 0 comments

Recently, one of our clients contacted about something rather strange: a “language” value in his newly Google Analytics setup that stated: “Secret.ɢ You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!” Of course, we all know that browser headers/requests can be easily altered, but we still wonder why Google allows such values in it’s [non-bot]

Read More

RTT. Retaliate if CyberAttacked

/ oktober 6, 2016/ IoT Security/ 0 comments

Our RTT solution helps companies retaliate if attacked by vulnerable / infected IoT devices. Still in Beta, but you can get a glimpse of it at any time. Just e-mail us at [email protected] for more details.