Bart, Author at Security Boulevard
Blue Team Puzzle

Several years ago, I created a "malware puzzle" - basically, a crossword puzzle but with terms related to malware. You can find that puzzle here: https://bartblaze.blogspot.com/2013/08/malware-puzzle.html Seeing as crosswords are a hobby of mine, I thought it'd be fun to create another one more than seven years later - this time, all things ...
Satan ransomware rebrands as 5ss5c ransomware

The cybercrime group that brought us Satan, DBGer and Lucky ransomware, and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c". In a previous blog post, Satan ransomware adds EternalBlue exploit, I described how the group behind Satan ransomware has been actively developing its ransomware, ...
Monero download site and binaries compromised

Introduction: Earlier this evening I saw a tweet appear which claimed Monero has been hacked and a malicious binary (instead of the real one) has been served: Warning Monero users: If you downloaded Monero in the past 24 hours you may have installed malware. Monero's official website served compromised binaries for at ...
Run applications and scripts using Acer's RunCmd

This weekend I was cleaning up an old Acer laptop of mine and discovered a hidden folder on the root drive, C:\OEM. Inside is a bunch of interesting files; one of these is a tool called RunCmd_X64.exe. The file is a legitimate binary signed by Acer (Figure 1 - Signed RunCmd_X64). The tool contains ...
Analysing a massive Office 365 phishing campaign

Last week, a friend of mine reached out with a query: a contact in his address book had sent him a suspicious email. As it turns out, it was. In this blog post, we'll have a quick look at an Office 365 phishing campaign, which turned out to be massive ...
MAFIA ransomware targeting users in Korea

A new ransomware family was discovered and sent to me by MalwareHunterTeam, which we'll call MAFIA due to the extension it uses to encrypt files. The ransomware appears to target users in Korea, and may have been developed with at least knowledge of the Korean language. Another interesting (and new to ...
RedEye ransomware: there's more than meets the eye

A rather anonymous account reached out to me on Twitter asking to check out a "scary & really nasty" sample. It turned out to be RedEye ransomware, a new strain or variant by the same creator of Annabelle ransomware, which I discovered in February earlier this year. Analysis: This ransomware is named "RedEye" ...
PSCrypt ransomware: back in business

PSCrypt is ransomware first discovered last year, in 2017, targeting users and organisations alike in Ukraine, and the malware itself is based on GlobeImposter ("GI") ransomware. I've written about PSCrypt in the past, when it was distributed via Crystal Finance Millenium's hacked website: Crystal Finance Millennium used to spread malware. In this ...
Vietnamese ransomware wants you to add credit to a mobile phone

In this quick blog post we'll have a look at BKRansomware, a Vietnamese ransomware that wants you to top up its phone. Update: 2018-05-06, scroll down for the update, added to the conclusion. Analysis: This ransomware is named "BKRansomware" based on the file name and debug path. Properties: MD5: 892da86e60236c5aaf26e5025af02513; SHA1: 6f36c02161a83a3683921fc73319474157f4fb92; SHA256: c23f695a19346bf3a5b21fb5a281771808953930d8dcb0a359f163ba0329305f; Compilation timestamp: 2018-05-03 ...
Ransomnix ransomware variant encrypts websites

Ransomnix is a (supposedly Jigsaw, but not really) ransomware variant that holds websites for ransom, and encrypts any files associated with the website. This ransomware was discovered in the second half of 2018, and there's a brief write-up by Amigo-A here as well: Ransomnix ransomware. In this blog post, we'll discuss a ...