This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-19T06:45:38+00:00 www.secnews.physaphae.fr BAE - BAE Systelm Threat Research Malware compiled containing admin credentials for the FEIB network. 03 October 2017 Transfers using MT103 messages were sent from FEIB to Cambodia, the US and Sri Lanka. Messages to cover the funds for the payments were incorrectly created and sent. 03 October 2017 Breach discovered and ransomware uploaded to online malware repository site. 04 October 2017 Individual in Sri Lanka cashes out a reported Rs30m (~$195,000). 06 October 2017 ]]> 2017-10-16T22:32:36+00:00 http://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html www.secnews.physaphae.fr/article.php?IdArticle=419214 False Medical APT 38,Wannacry None BAE - BAE Systelm Threat Research ANALYSIS: Initial VectorThe initial infection vector is still unknown. Reports by some of phishing emails have been dismissed by other researchers as relevant only to a different (unrelated) ransomware campaign, called Jaff.There is also a working theory that initial compromise may have come from SMB shares exposed to the public internet. Results from Shodan show over 1.5 million devices with port 445 open – the attacker could have infected those shares directly.The Dropper/WormThe infection starts from a 3.6Mb executable file named mssecsvc.exe or lhdfrgui.exe. Depending on how it's executed, it can function as a dropper or as a worm.When run, the executable first checks if it can connect to the following URL:http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com The connection is checked with the WinINet functions, shown below: 01 qmemcpy(&szUrl, 02         "http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com", 03         57u); 04 h1 = InternetOpenA(0,&nbs]]> 2017-05-17T03:33:55+00:00 http://baesystemsai.blogspot.com/2017/05/wanacrypt0r-ransomworm.html www.secnews.physaphae.fr/article.php?IdArticle=365767 False Guideline,Medical APT 38,Wannacry None