Collaborate Disseminate
In October 2019, we encountered a phishing campaign delivering a malicious Microsoft Word document that distributed ransomware with a twist. Unlike most ransomware families, such as GandCrab, WannaCry and RobinHood, the malware was not compiled code. I… Continue reading Ransomware Goes Fileless, Uses Malicious Documents and PowerShell to Encrypt Files
In mid-September 2019, Emotet resumed its activity and we evaluated changes to its operation in a previous blog post by Alex Holland. One of the noticeable changes is that some of the malicious Microsoft Word downloaders drop and execute JavaScript dur… Continue reading Reawakening of Emotet: An Analysis of its JavaScript Downloader
Written by Toby Gray and Ratnesh Pandey. Endpoint detection and response (EDR) tools rely on operating system events to detect malicious activity that is generated when malware is run. These events are later correlated and analysed to detect anomalous… Continue reading Agent Tesla: Evading EDR by Removing API Hooks
Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882&… Continue reading Protect Before You Detect: FlawedAmmyy and the Case for Isolation
This blog is a continuation of our blog series on the Emotet banking Trojan. So far, we have analysed Emotet’s delivery mechanism and its behaviour through dynamic analysis. The host and network data captured from Emotet found that it escalates i… Continue reading The Emotet-ion Game (Part 3)
Emotet is a highly modular banking Trojan that has a proper decision tree-based algorithm to perform designated tasks. Due to Emotet’s capability to deliver obfuscated payloads and extend its capabilities through self-upgradable modules, it has b… Continue reading Emotet: Catch Me If You Can (Part 2 of 3)