SUMMARY / RELATED TOPICS

Crassispira pellisphocae

Crassispira pellisphocae is a species of sea snail, a marine gastropod mollusk in the family Pseudomelatomidae. The shell is small, about 11 mm long, and warm yellow-brown in color. It has a blunt, short, smooth protoconch of 1½ whorls, followed by five or more moderately rounded whorls; the suture is distinct and moderately constricted, with three or four fine spiral striae on the fasciole. The spiral sculpture consists of fine, equally spaced threads with narrower, deep interspaces, forming minute nodules where they cross the ribs. On the body whorl the threading continues almost unchanged to the end of the siphonal canal; the axial sculpture consists of narrow ribs with subequal interspaces, extending from the fasciole to the siphonal canal and forming a uniform reticulation over the whole surface. The aperture is rather wide; the inner lip is erased. The whitish columella is stout; the siphonal canal is short and wide, hardly differentiated from the aperture. This species occurs in the sea off Western Mexico.


BlackEnergy

BlackEnergy malware was first reported in 2007 as an HTTP-based toolkit that generated bots to execute distributed denial of service (DDoS) attacks. In 2010, BlackEnergy 2 emerged with capabilities beyond DDoS. In 2014, BlackEnergy 3 came equipped with a variety of plug-ins. A Russia-based group known as Sandworm is credited with using BlackEnergy in targeted attacks; the malware is distributed as a Word or PowerPoint attachment to an email that lures the victim into opening the seemingly legitimate file. BlackEnergy's code supports several attack types for infecting target machines, and it ships with server-side scripts that the operators can extend on the command and control (C2) server. Cybercriminals use the BlackEnergy bot builder toolkit to generate customized bot client executables, which are distributed to targets via spam and phishing email campaigns. BlackEnergy 1 (BE1) relies on external tools to load the bot. BlackEnergy can be detected using the YARA signatures published by the United States Department of Homeland Security.

Key features of BlackEnergy 1:
• can target more than one IP address per hostname
• has a runtime encrypter to evade detection by antivirus software
• hides its processes in a system driver
• DDoS attack commands
• download commands to retrieve and launch new or updated executables from its server
• control commands

BlackEnergy 2 uses sophisticated rootkit/process-injection techniques, strong encryption and a modular architecture. Its installer, the "dropper", decrypts and decompresses the rootkit driver binary and installs it on the victim machine as a service with a randomly generated name. As an update on BlackEnergy 1, it combines the older rootkit source code with new functions for unpacking and injecting modules into user processes. Packed content is compressed with the LZ77 algorithm and encrypted with a modified version of the RC4 cipher. A hard-coded 128-bit key decrypts embedded content; for network traffic, the cipher is keyed with the bot's unique identification string instead. A second variant of the encryption/compression scheme adds an initialization vector to the modified RC4 cipher for additional protection in the dropper and the rootkit unpacking stub, but it is used neither in the inner rootkit nor in the userspace modules. The primary modification to RC4 in BlackEnergy 2 lies in the key-scheduling algorithm, which means an off-the-shelf RC4 implementation will not decrypt its payloads or traffic; an analyst has to reimplement the malware's own key schedule.

Key features of BlackEnergy 2:
• can execute local files
• can download and execute remote files
• updates itself and its plugins from the command and control servers
• can execute "die" or "destroy" commands

The latest full version of BlackEnergy, BlackEnergy 3, emerged in 2014. The changes simplified the malware code: this version's installer drops the main dynamically linked library (DLL) component directly into the local application data folder. This variant of the malware was involved in the December 2015 Ukraine power grid cyberattack. Its plug-ins include:
• fs.dll — File system operations
• si.dll — System information, "BlackEnergy Lite"
• jn.dll — Parasitic infector
• ki.dll — Keystroke logging
• ps.dll — Password stealer
• ss.dll — Screenshots
• vs.dll — Network discovery, remote execution
• tv.dll — Team viewer
• rd.dll — Simple pseudo "remote desktop"
• up.dll — Update malware
• dc.dll — List Windows accounts
• bs.dll — Query system hardware, BIOS, Windows info
• dstr.dll — Destroy system
• scan.dll — Network scan
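The packing scheme described for BlackEnergy 2 (LZ77 compression, then a modified RC4 under a hard-coded 128-bit key, the bot ID as key for network traffic, and an IV-carrying variant), as an added Python example that is not BlackEnergy's own code and is not lifted from any published analysis. Standard RC4 is implemented faithfully; the `extra_passes` key-schedule tweak, the IV-prefix construction in `rc4_crypt_iv`, the toy LZ77 token format, `HARDCODED_KEY` and the sample payload are all constructed assumptions for illustration, not the malware's actual algorithms or data. The point it demonstrates is the one an analyst runs into in practice: once the key schedule is modified, a library RC4 no longer recovers the payload.

```python
# Added example (not BlackEnergy code): unpacking a payload protected the way the
# BlackEnergy 2 description puts it, LZ77 compression then a modified RC4 under a
# hard-coded 128-bit key. RC4 itself is the standard algorithm; the key-schedule
# "variant", the IV handling and the LZ77 token format are illustrative
# assumptions, not the malware's actual formats.

HARDCODED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed, 16 bytes

def rc4_ksa(key: bytes, extra_passes: int = 0) -> list:
    """RC4 key scheduling. extra_passes=0 is standard RC4; a positive value is a
    hypothetical modification (not BlackEnergy's) that repeats the mixing loop,
    to show how any change to the KSA yields a different keystream."""
    S = list(range(256))
    j = 0
    for _ in range(extra_passes + 1):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
    return S

def rc4_crypt(key: bytes, data: bytes, extra_passes: int = 0) -> bytes:
    """RC4 PRGA; encryption and decryption are the same XOR operation."""
    S = rc4_ksa(key, extra_passes)
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4_crypt_iv(key: bytes, iv: bytes, data: bytes, extra_passes: int = 0) -> bytes:
    """The IV-carrying scheme from the text. How the malware combines IV and key is
    not given on the page; prepending the IV to the key is an assumption."""
    return rc4_crypt(iv + key, data, extra_passes)

# Toy LZ77 token stream (assumed format): 0x00 <literal> | 0x01 <distance> <length>
def lz77_compress(data: bytes, window: int = 255) -> bytes:
    out = bytearray()
    pos = 0
    while pos < len(data):
        best_len = best_dist = 0
        for cand in range(max(0, pos - window), pos):
            n = 0
            while n < 255 and pos + n < len(data) and data[cand + n] == data[pos + n]:
                n += 1
            if n > best_len:
                best_len, best_dist = n, pos - cand
        if best_len >= 3:
            out += bytes([1, best_dist, best_len])
            pos += best_len
        else:
            out += bytes([0, data[pos]])
            pos += 1
    return bytes(out)

def lz77_decompress(data: bytes) -> bytes:
    out = bytearray()
    pos = 0
    while pos < len(data):
        flag = data[pos]
        pos += 1
        if flag == 0:
            out.append(data[pos])
            pos += 1
        elif flag == 1:
            dist, length = data[pos], data[pos + 1]
            pos += 2
            if dist == 0 or dist > len(out):
                raise ValueError("back-reference outside the window")
            for _ in range(length):  # byte by byte, so overlapping copies work
                out.append(out[-dist])
        else:
            raise ValueError("unknown token flag %d" % flag)
    return bytes(out)

def pack(payload: bytes, key: bytes, extra_passes: int = 0) -> bytes:
    """Builder side: compress, then encrypt."""
    return rc4_crypt(key, lz77_compress(payload), extra_passes)

def unpack(blob: bytes, key: bytes, extra_passes: int = 0) -> bytes:
    """Dropper unpacking-stub side: decrypt, then decompress."""
    return lz77_decompress(rc4_crypt(key, blob, extra_passes))

def demo() -> tuple:
    """Constructed payload; returns (variant_unpack_ok, standard_rc4_unpack_ok)."""
    payload = b"MZ" + b"\x90" * 30 + b"This program cannot be run in DOS mode." * 2
    blob = pack(payload, HARDCODED_KEY, extra_passes=1)
    variant_ok = unpack(blob, HARDCODED_KEY, extra_passes=1) == payload
    try:  # an off-the-shelf RC4 against the modified-KSA blob yields garbage
        standard_ok = unpack(blob, HARDCODED_KEY) == payload
    except (ValueError, IndexError):
        standard_ok = False
    return variant_ok, standard_ok

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Running it prints `(True, False)`: the variant key schedule unpacks the blob, standard RC4 does not. The same `rc4_crypt` keyed with the bot's identification string stands in for the traffic layer. Against a real sample, the analyst lifts the malware's own key schedule and LZ77 routine from the unpacking stub and replaces the two assumed pieces here with them.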