Detecting Empire with USM Anywhere

October 18, 2018 | Jose Manuel Martin
Jose Manuel Martin

Jose is a Security Researcher and a part of the AlienVault Labs team. His interest in development led Jose to work as an Application Security Engineer and Scrum Master in the past. Nowadays he enjoys watching old-fashioned movies, researching threat models, and finding new mechanisms to detect malware. Also, he is an enthusiast of information theory and physics.

Empire is an open source post-exploitation framework that acts as a capable backdoor on infected systems. It provides a management platform for infected machines. Empire can deploy PowerShell and Python agents to infect both Windows and Linux systems. Empire can: deploy fileless agents to perform command and control; exploit vulnerabilities to escalate privileges; install itself for persistence; steal user…

August 1, 2018 | Jose Manuel Martin

Off-the-shelf RATs Targeting Pakistan

Introduction: We’ve identified a number of spear phishing campaigns with Pakistani themed documents, likely targeting the region. These spear phishing emails use a mix of different openly available malware and document exploits for delivery. These are served from the compromised domains www.serrurier-secours[.]be and careers.fwo.com[.]pk (a part of the Pakistani army). There are some…

June 20, 2018 | Jose Manuel Martin

GZipDe: An Encrypted Downloader Serving Metasploit

At the end of May a Middle Eastern news network published an article about the next Shanghai Cooperation Organization Summit. A week ago, AlienVault Labs detected a new malicious document targeting the area. It uses a piece of text taken from the report as a decoy. This is the first step of a multistage infection in which several servers and…
