Following up on our last analysis of Trickbot's web inject module we are now publishing a deep dive into the module:
kryptoslogic.com/blog/2022/01/d…
English
Kryptos Logic
60 posts
Telltale now has data on the Log4j 2 (CVE-2021-44228) vulnerability, over the coming days this data will expand as we find new ways to scan for this complex attack surface.
CERTs and Orgs with their assets added will see data in real time as we find it.
telltale.kryptoslogic.com
English
We're hiring! Come join our growing threat research team developing new and interesting capabilities to automate analysis of threats and help improve the victim discovery/notification process.
jobs.kryptoslogic.com/o/research-eng…
English
We've just scanned for CVE-2021-41773 and found at least 12,000 vulnerable hosts on the internet, likely more out there. Make sure you patch! The list of vulnerable hosts has been loaded into Telltale (telltale.kryptoslogic.com).
English
We observed changes to AnchorDNS & an interesting new component - read more about it here:
kryptoslogic.com/blog/2021/07/a…
English
We recently discovered some changes TrickBot made to their webinjects module, read about our finding here: kryptoslogic.com/blog/2021/06/t…
English
ProxyLogon stats: 250k uniq IPs scanned, 29796 vulnerable, 97827 shells across 15150 unique IPs. This data has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells
English
Out of the 237496 exchange servers we just scanned, 31454 were vulnerable to ProxyLogon/CVE-2021-26855. This list has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells
English
Kryptos Logic retweetledi
Second run of yesterday's Special Report containing data from a later (2021-03-14 23:30:00 UTC) run of @kryptoslogic's potentially vulnerable MS #Exchange server Internet-wide scan just sent out. Increases data from 59142 to 73555 unique IPs, in 6501 to 7254 ASNS, 211 to 212 geos
The Shadowserver Foundation@Shadowserver
Another Special Report just sent, using Internet-wide scan data to detect vulnerable MS Exchange servers from @kryptoslogic (hat tip!). Blog provides a comparison of coverage between that and our previous Special Report: shadowserver.org/news/shadowser… Report: shadowserver.org/what-we-do/net…
English
Kryptos Logic retweetledi
Special Report just re-run containing updated data on web shells dropped on compromised MS #Exchange servers, again courtesy of @kryptoslogic. 2021-03-15 edition covers 22731 easily found web shells exposed on 20437 unique IP addresses - all requiring urgent remediation
The Shadowserver Foundation@Shadowserver
With many un-patched MS #Exchange Servers still being rapidly compromised, we have partnered with @kryptoslogic to provide another Special Report covering 6720 exposed webshells that could be used to deploy ransomware, etc. Please remediate urgently! shadowserver.org/news/shadowser…
English
We just finished another scan for webshells. This time we looked at double the number of paths and found 22731 shells across 12861 unique source IPs. This list has been loaded into Telltale (telltale.kryptoslogic.com).
English
Out of the 231084 exchange servers we just scanned, 62018 were vulnerable to ProxyLogon/CVE-2021-26855. Once again this list has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells
English
Over the next few days we'll be fine tuning our scanning and gathering more data - we think there's probably a bunch more based on other people's data but this is what we have tonight. 2/2
English
We've just loaded 60k~ IPs into Telltale (telltale.kryptoslogic.com) which we've found vulnerable to ProxyLogon/CVE 2021-26855 - this is being exploited in the wild - please patch and run Microsoft's MSERT tool to look for signs of compromise. We suspect there are more then 60k 1/2
English
Kryptos Logic retweetledi
With many un-patched MS #Exchange Servers still being rapidly compromised, we have partnered with @kryptoslogic to provide another Special Report covering 6720 exposed webshells that could be used to deploy ransomware, etc. Please remediate urgently!
shadowserver.org/news/shadowser…
English
We've just discovered 6970 exposed webshells which are publicly exposed and were placed by actors exploiting the Exchange vulnerability. These shells are being used to deploy ransomware. If you're signed up to Telltale (telltale.kryptoslogic.com) you can check you're not affected
English
We came across a new Trickbot module used for network reconnaissance - read more here:
kryptoslogic.com/blog/2021/02/t…
English
As a result of the law enforcement takedown of Emotet we're able to distribute alerts to victims via our platform:
telltale.kryptoslogic.com
Read more about the takedown here:
europol.europa.eu/newsroom/news/…
English
Faster Poly1305 key multicollisions kryptoslogic.com/blog/2021/01/f…
English
Kryptos Logic retweetledi
English