[SANS ISC] Russian Dolls VBS Obfuscation

I published the following diary on isc.sans.edu: “Russian Dolls VBS Obfuscation“: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry’s sample was delivered in a password-protected ZIP archive and the

The post [SANS ISC] Russian Dolls VBS Obfuscation appeared first on /dev/random.

[SANS ISC] Spotting the Red Team on VirusTotal!

I published the following diary on isc.sans.edu: “Spotting the Red Team on VirusTotal!“: Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of the dangerousness level of a file but… VirusTotal remains a cloud service. It means that, once you uploaded a

The post [SANS ISC] Spotting the Red Team on VirusTotal! appeared first on /dev/random.

[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT“: VBS files are interesting to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it also looks like Russian

The post [SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT appeared first on /dev/random.

Fake Payment receipt vbs drops njrat bladabindi downloads Agent Tesla via Sendspace.

A rather interesting malware campaign from overnight. It all starts with an email pretending to be a payment receipt that contains a .tar attachment which contains a vbs file. As per usual the email is just generic enough to entice a recipient to open …

Fake Court summonses, Judgements, Subpoenas delivering malware

Starting yesterday evening and continuing steadily all day so far today, we saw what was supposed to be a malspam campaign with a lure of court summonses. None of the links I followed actually delivered any malware but did instead lead to a zip file t…

Fake HMRC “Important : Outstanding Amount ” delivers Trickbot via CVE-2018-8174

We have had a break from Trickbot hitting the UK in the last week or so, which generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new syste…

Fake Barclays Secured Message: New Message Received delivers Trickbot via CVE-2018-8174

We have had a break from Trickbot hitting the UK in the last week or so, which generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new sys…