Category: Lab Notes

While searching through our data for any samples of our current pandemic and threat actors’ favorite theme, I came across a rather interesting sample. The email and DOC are rather simple but consistent in theme and lacking the usual spelling and grammatical errors.

Continue Reading

An Easy Networking Lab

We tend to go a bit overkill on everything. Building a desktop? Yeah, 64GB of RAM should suffice, you know, just in case Windows 11 comes out next week. Testing a new service in Amazon EC2? Well t3.xlarge has more than enough just enough in case of technical things I …

Continue Reading

All You Need Is Text

Recently I decided to go spelunking through our data in search of any rarities that we have collected. And today I will share some of these interesting specimens. None of these samples are truly unique and most of them are already well known and well documented, but this exercise can …

Continue Reading

Yes… another Emotet post, but they just keep on changing things up! We were having a look around our data from the Emotet botnet and came across an interesting example of the reply-chain tactic that has become the new normal for them.

As can be seen in the example above, …

Continue Reading

Shotgun Wedding

An email caught my eye this morning. Not because of a unique social engineering theme or a new delivery technique, but because of the sheer number of attachments, a shotgun approach to malware delivery. There were 3 RTF files with spoofed .doc and docx.doc extensions, an ARJ archive containing an …

Continue Reading

The Emotet botnet began sending holiday themed emails today. While this isn’t necessarily new to them, it does go to show that they are constantly experimenting with relevant themes along with their reply-chain style emails. Below are a few examples of emails that we saw cross our wires today:

Holiday
Continue Reading

The complexities of intelligence (late night ramblings of a madman)

I’m sure I’m not the only one who knows of someone who, as a young child, had a dog.  They liked dogs, so they learned dogs.  Dogs have four legs, and they stand on them.  One day, it became apparent …

Continue Reading

Recently, I stumbled on an odd Agent Tesla sample that downloaded a paste from pastebin.com. This is not a normal TTP for most actors who license Agent Tesla for use in their malicious campaigns. And to make things more interesting, the paste was the hexadecimal representation of the binary and …

Continue Reading