DoppelDridex Delivered via Slack and Discord

Summary: Several recent phishing campaigns have attempted to deliver a variant of the Dridex banking trojan via payloads staged on Slack and Discord CDNs. This is DoppelDridex, a modified variant of the original Dridex malware. It is operated by the financially motivated eCrime adversary tracked as DOPPEL SPIDER. Additional tooling is often delivered as a secondary…

“Squirrelwaffle” Maldoc Analysis

Summary: Squirrelwaffle is an emerging malware threat noted by several security researchers beginning around September 13th. TheAnalyst (@ffforward) noted a new payload delivered on the “TR” botnet. Brad Duncan at Malware Traffic Analysis also observed that this new loader was being delivered by the same “TR” infrastructure that historically delivered the Qakbot banking trojan. He…

Quick Post: Mummy Spider Delivers Emotet Maldocs for the Holidays

Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections cost state…

Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs

Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections cost state…

New Obfuscation Techniques in Emotet Maldocs

Summary: Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections…

Quick Post: Analyzing Maldoc with “Do While” Loop in VBA Downloader

Summary: Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that…

Quick Post: Host Artifacts from a Recent Emotet Infection

Summary: If you’ve been following malware threats and/or the information security happenings of the past couple of weeks in general, then you are likely aware that Emotet, everyone’s favorite malware downloader, has returned to active spamming operations. There has been a ton of great coverage on many aspects of its return to active campaigns. Shameless plug:…