FBI MSIL/Samas.A Ransomware Flash Alerts
Page Count: 6 pages
Date: March 25, 2016
Restriction: TLP: GREEN
Originating Organization: Federal Bureau of Investigation, Cyber Division
File Type: zip
File Size: 775,199 bytes
File Hash (SHA-256): AFF6B13256C8E0FE9A67F2F2E80C5AB337AF95F018104BA5CBC15FD093A1D8A9
File Contents
- FBI Flash Alert MC-000068-MW, February 18, 2016
- FBI Flash Alert MC-000070-MW, March 25, 2016
- Samas Indicators of Compromise
The FBI previously identified that the actor(s) exploit Java-based Web servers to gain persistent access to a victim network and infect Windows-based hosts. The FBI also indicated that several victims have reported the initial intrusion occurred via JBoss applications. Further analysis of victim machines indicates that, in at least two cases, the attackers used a Python tool, known as JexBoss, to probe and exploit target systems. Analysis of the JexBoss Exploit Kit identified the specific JBoss services targeted and vulnerabilities exploited. The FBI is distributing these indicators to enable network defense activities and reduce the risk of similar attacks in the future.
FBI indicators based on an ongoing investigation:
The JexBoss tool, publicly available on GitHub.com, prompts attackers to input the target URL for JexBoss to check for any of three vulnerable JBoss services: web-console, jmx-console, and JMXInvokerServlet. Depending on which vulnerabilities are detected, the tool then prompts the user to initiate corresponding exploits. The tool’s exploits are collectively effective against JBoss versions 4, 5, and 6. The payload of each exploit is a Web Application Archive (.war) file, “jbossass.war”. A successful exploit results in unpackaging the .war file and utilizing jbossass.jsp to deploy an HTTP shell for the attacker.
Following initial infection of the network with MSIL/Samas.A, the actor(s) connect via RDP sessions. An open source tool, known as reGeorg, is used to tunnel the RDP traffic over the established HTTP connection. The actors use the Microsoft tool csvde.exe to determine the hosts reporting to Active Directory. A list of all hosts found in the directory is compiled into a .csv file or other similar file type. Finally, the actor(s) distribute the ransomware to each host in the network using a copy of Microsoft’s psexec.exe.
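As an added example (not part of the FBI alert, and not JexBoss or reGeorg code), the following Python matches the chain described in the two paragraphs above against two constructed data sources: a JBoss access log in Common Log Format, checked for requests to the three named services and for a live jbossass shell, and Windows process-creation records, in which csvde.exe exports and psexec.exe launches are tagged and correlated per host. The URL prefixes for the three services, the log field names, the csvde `-f` export switch and the `psexec.c` original-file-name check are assumptions not stated in the alert; the sample log lines and events are constructed.

```python
"""Detection logic for the Samas/JexBoss chain over constructed telemetry.

Added example; not FBI, JexBoss or reGeorg code. Paths, field names and
sample data are assumptions noted inline.
"""
import re
from collections import defaultdict

# The three JBoss services JexBoss checks, per the alert. The URL prefixes are
# an assumption: the default paths those services listen on in JBoss 4-6.
JBOSS_SERVICES = {
    "/jmx-console/": "jmx-console",
    "/web-console/": "web-console",
    "/invoker/JMXInvokerServlet": "JMXInvokerServlet",
}
SHELL_MARKER = "jbossass"  # WAR/JSP name the alert says the exploit deploys

# Common Log Format; the response-size field is not required, so truncated
# lines still parse.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Group JexBoss-style activity by source IP.

    Returns {ip: {"probed": set of service names, "shell": [paths]}}.
    A request to a jbossass* path that is answered (status < 400) is treated
    as evidence the deployed HTTP shell is live, which is stronger than a probe.
    """
    hits = defaultdict(lambda: {"probed": set(), "shell": []})
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, path, status = m["ip"], m["path"], int(m["status"])
        for prefix, service in JBOSS_SERVICES.items():
            if path.startswith(prefix):
                hits[ip]["probed"].add(service)
        if SHELL_MARKER in path.lower() and status < 400:
            hits[ip]["shell"].append(path)
    return dict(hits)


def scan_process_events(events):
    """Tag the AD-enumeration and distribution steps from the alert.

    events: dicts with host, image, cmdline and optionally original_name, as a
    process-creation log would supply (field names are this example's choice).
    Returns {host: set of tags}.
    """
    tags = defaultdict(set)
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        cmd = ev.get("cmdline", "").lower()
        # csvde -f <file> writes directory objects to a file; the alert says the
        # host list is compiled into a .csv this way (the switch is an assumption).
        if image == "csvde.exe" and "-f" in cmd.split():
            tags[ev["host"]].add("csvde-export")
        # The alert says a *copy* of psexec.exe is used, so also match the
        # OriginalFileName carried in PsExec's version resource ("psexec.c",
        # a property of the Sysinternals binary, not stated in the alert).
        if image in ("psexec.exe", "psexec64.exe") or \
                ev.get("original_name", "").lower() == "psexec.c":
            tags[ev["host"]].add("psexec")
    return dict(tags)


def staged_for_distribution(tags):
    """Hosts on which both steps of the chain were observed."""
    return sorted(h for h, t in tags.items() if {"csvde-export", "psexec"} <= t)


# Constructed sample data (not taken from the alert).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2016:02:14:01 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2016:02:14:02 +0000] "HEAD /web-console/Invoker HTTP/1.1" 200 -',
    '203.0.113.7 - - [10/Mar/2016:02:14:03 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1400',
    '203.0.113.7 - - [10/Mar/2016:02:14:09 +0000] "GET /jbossass/jbossass.jsp?cmd=whoami HTTP/1.1" 200 64',
    '198.51.100.2 - - [10/Mar/2016:02:20:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Mar/2016:02:20:05 +0000] "GET /jbossass/jbossass.jsp HTTP/1.1" 404 210',
]
SAMPLE_EVENTS = [
    {"host": "DC01", "image": r"C:\Windows\System32\csvde.exe",
     "cmdline": "csvde -f C:\\Users\\Public\\hosts.csv -r (objectClass=computer)"},
    {"host": "DC01", "image": r"C:\Users\Public\ps.exe", "original_name": "psexec.c",
     "cmdline": r"ps.exe \\WS-22 -c -d C:\Users\Public\payload.exe"},
    {"host": "WS-05", "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
    print(staged_for_distribution(scan_process_events(SAMPLE_EVENTS)))
```

The reGeorg tunnel stage is deliberately not covered: it rides the same HTTP channel as the shell, so in an access log it appears only as a high volume of requests to a single JSP from one source, which is a threshold to tune per site rather than a signature to match.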
…
Defending Against Ransomware Generally
Precautionary measures to mitigate ransomware threats include:
• Ensure anti-virus software is up-to-date.
• Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
• Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
• Only download software – especially free software – from sites you know and trust.
• Enable automated patches for your operating system and Web browser.