In May 2015, root9B released an APT28 Threat Defiance report (1) detailing pre-event indicators and threat information regarding a pending attack on several entities. This follow-up report is focused on providing additional insight and technical analysis of a malware sample that was originally reported.
Approximately 45 days after the release of the root9B report, Netzpolitik released a report on a breach of the German Parliament. The Netzpolitik report (2) detailed the malware and methods employed in the breach and attributed the event to APT28. The attack on the German Parliament used similar malware and the same command and control infrastructure that was identified in the original root9B report.
The following information is root9B’s malware analysis of the malicious Dynamic Link Library (DLL) noted in our May 2015 report and presents a strong link to the recovered malware sample reported in the German Parliament exploit. Both samples appear to have been created from the same code base and share the same command and control infrastructure. This report provides additional security measures to defend against this variant of the malware.
Throughout the report, “sample 1” refers to the Netzpolitik malware sample described in Claudio Guarnieri’s report, and “sample 2” refers to the DLL sample analyzed by root9B.