Detecting Drupalgeddon 2.0
Despite a patch being released for the recent Drupal vulnerability, entities are still feeling its impacts. In this post, we’ll review what is known about Drupalgeddon and present detection methods.
VPNFilter malware has compromised more than 500,000 endpoints. To help you detect VPNFilter, LogRhythm Labs has implemented VPNFilter malware alarms within the Current Active Threat (CAT) Module.
Although several PlugX variants have appeared over the years, an analysis of the timeline of the variants discussed shows that the "original" PlugX variant continues to be used today.
On February 28 and March 5, 2018, Memcached DDoS attacks targeted GitHub. LogRhythm Labs performed an investigation into the cause, effect, and outcome of these attacks.
On October 24, 2017, a new strain of ransomware dubbed "Bad Rabbit" emerged. This blog provides an in-depth analysis, recommendations for mitigation, IOCs, and LogRhythm AI Engine rules and NetMon queries for detection.
The LogRhythm Labs team provides analysis on Mamba—a strain of ransomware identified in 2016—after its recent resurgence. The goal of this in-depth analysis is to ensure users are prepared to protect their systems and to help prevent future infection by this malware variant.
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware. This post reviews an in-depth technical analysis of NotPetya, including recommended security measures.
On the morning of June 27, 2017, Petya, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in Ukraine. The malware quickly spread across Europe. This post discusses the TTPs of Petya / NotPetya and how to detect it using LogRhythm AI Engine rules.
The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. Fortunately, the SMB dropper traffic is very easy to detect with NetMon using a simple Query Rule.
Ransomware that has been publicly named "WannaCry," "WCry" or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor (NetMon) query rules, and indicators of compromise.