Recently I decided to go spelunking through our data in search of any rarities that we have collected. And today I will share some of these interesting specimens. None of these samples are truly unique and most of them are already well known and well documented, but this exercise can …
Yes… another Emotet post, but they just keep on changing things up! We were having a look around our data from the Emotet botnet and came across an interesting example of the reply-chain tactic that has become the new normal for them.
As can be seen in the example above, …
If you’ve been following any infosec community news recenty, you may have seen that the SHA1 hash has taken yet another blow. Shoutout to Dan Goodin at Ars Technica for an easy-to-follow explanation of what just happened here. This isn’t the first time SHA1 has had a bad day …
An email caught my eye this morning. Not because of a unique social engineering theme or a new delivery technique, but because of the sheer number of attachments, a shotgun approach to malware delivery. There were 3 RTF files with spoofed .doc and docx.doc extensions, an ARJ archive containing an …
The Emotet botnet began sending holiday themed emails today. While this isn’t necessarily new to them, it does go to show that they are constantly experimenting with relevant themes along with their reply-chain style emails. Below are a few examples of emails that we saw cross our wires today:
I’m sure I’m not the only one who knows of someone who, as a young child, had a dog. They liked dogs, so they learned dogs. Dogs have four legs, and they stand on them. One day, it became apparent …
Recently, I stumbled on an odd Agent Tesla sample that downloaded a paste from pastebin.com. This is not a normal TTP for most actors who license Agent Tesla for use in their malicious campaigns. And to make things more interesting, the paste was the hexadecimal representation of the binary and …
Racoon Stealer is a newer addition to the daily deluge of malware seen. It first came to market back around April of this year (2019) and has since found a solid user base to spread it. Believed to be developed by people residing within CIS countries, it has multiple capabilities …
“Efficiency is intelligent laziness”
-David Dunham
Scripting is a great way to spend ten times the amount of time to automate something as it would have taken to just do it in the first place. Sometimes it’s worth it because it saves you time in the long run, and sometimes …
Our neighbors in the Cofense Phishing Defense Center (PDC) recently wrote an article about an interesting phishing email and its associated malware, which can be found here: https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
As part of their analysis, they shared an interesting VBscript and I couldn’t resist the urge to deobfuscate it. I was immediately …