Author: Jason Meurer

The Dead Have Risen

On July 17, 2020 the Emotet botnet sprang back to life from a five-month hiatus—by far the longest break of the preceding few years.  We assess it is possible that COVID may have thrown a monkey wrench into their plans, but we cannot be sure of that.  While this is …

As we have noted before, attackers will leverage any file format they can to evade security protections put in place by their targets (https://cofenselabs.com/all-you-need-is-text/).

On Jun 11, 2020 we noticed an odd file extension show up in our analysis pipeline.

It was a jnlp file. The jnlp extension is short …

Normally we try to allow our personalities to shine through our posts, but we are living in abnormal times. The coronavirus (COVID-19) is a pandemic and is affecting everyone and everything.  As if worrying about whether or not you will live or die isn’t enough, criminals began capitalizing on the worry …

Yes… another Emotet post, but they just keep on changing things up! We were having a look around our data from the Emotet botnet and came across an interesting example of the reply-chain tactic that has become the new normal for them.

As can be seen in the example above, …

The Emotet botnet began sending holiday-themed emails today. While this isn’t necessarily new to them, it does go to show that they are constantly experimenting with relevant themes along with their reply-chain style emails. Below are a few examples of emails that we saw cross our wires today:

Ran across this brand new angle on sextortion today. Instead of looking for creds to use for authenticity in a sextortion email, this actor has decided to send a very small and generic email with a link to a blog site. Reviewing the site leads to what amounts to a …
