FlawedAmmyy RAT & Excel 4.0 Macros

Summary: According to Proofpoint’s Q4 2018 Quarterly Threat Report, the volume of Remote Access Tools (RATs) significantly increased from 2017 to 2018. Previously, RATs only accounted for just .04% of all observed malware in the email channel. However, by Q4 of 2018, this figure increased to over 8%, and a RAT variant known as FlawedAmmyy…

A Quick Look at Emotet’s Updated JavaScript Dropper

Summary: Emotet is an advanced, modular downloader that primarily functions as a dropper of other opportunistic malware variants. Emotet continues to be among the most widely distributed and destructive malware variants affecting organizations throughout the private and public sectors. In a previous joint Technical Alert, US-CERT identified that Emotet infections have cost organizations up to…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 3

read time = 5 minutes. Summary: This is the third in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 and Part 2 for some additional background. The following techniques are presented as an alternative to automated sandboxing, which are effective and powerful tools. However, as we showed in Part…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 2

read time = 4 minutes. Summary: This is the second in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 for some additional background. The following techniques are presented as an alternative to automated sandboxing, which are effective and powerful tools. However, as we showed in Part 1, they may…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 1

read time = 3 minutes. Summary: The goal of this tutorial series is to show analysts a variety of methods to extract IOCs from malicious document samples as an alternative to a reliance on automated sandboxes. Sandboxes are valuable tools, but in many cases (with default settings) they may not provide full details and critical…