Weekly News Roundup — May 5 to May 11

Summary — A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted or intended to be an exhaustive source, but simply a collection of items I found interesting…

FlawedAmmyy RAT & Excel 4.0 Macros

Summary — According to Proofpoint’s Q4 2018 Quarterly Threat Report, the volume of Remote Access Tools (RATs) significantly increased from 2017 to 2018. Previously, RATs only accounted for just 0.04% of all observed malware in the email channel. However, by Q4 of 2018, this figure increased to over 8%, and a RAT variant known as FlawedAmmyy…

Weekly News Roundup — April 21 to 27

Summary — A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my…

Weekly News Roundup — April 14 to 20

Summary — Welcome to Security Soup’s continuing coverage of infosec highlights from the previous week. The highlights include a collection of links relating to news, tools, threat research, and more! The focus trends toward DFIR and threat intelligence, but other hacking-related topics are included as well. This list is not intended to be an exhaustive…

Weekly News Roundup — April 7 to 13

Summary — Welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to…

A Quick Look at Emotet’s Updated JavaScript Dropper

Summary — Emotet is an advanced, modular downloader that primarily functions as a dropper of other opportunistic malware variants. Emotet continues to be among the most widely distributed and destructive malware variants affecting organizations throughout the private and public sectors. In a previous joint Technical Alert, US-CERT identified that Emotet infections have cost organizations up to…

Weekly News Roundup — March 24 to 30

Summary — Welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 3

Read time: 5 minutes. Summary — This is the third in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 and Part 2 for some additional background. The following techniques are presented as an alternative to automated sandboxes, which are effective and powerful tools. However, as we showed in Part…