Summary I came across a fairly interesting VBS-based DanaBot downloader the other day, and I figured it was worth doing a quick write-up on the obfuscation scheme and a few of the other TPPs I observed. The social engineering pretext used in this campaign was interesting as it leveraged an “unclaimed property” themed lure and…
All posts tagged Research
“Squirrelwaffle” Maldoc Analysis
Summary Squirrelwaffle is an emerging malware threat noted by several security researchers beginning around September 13th. TheAnalyst, @ffforward noted a new payload delivered on the “TR” botnet. Brad Duncan at Malware Traffic Analysis also observed that this new loader was being delivered by the same “TR” infrastructure that historically delivered the Qakbot banking trojan. He…
The United States Cybersecurity Mission: A Policy Review and Assessment of Leadership Roles
Disclaimer: The following is a paper I wrote many years ago as an inexperienced and (somewhat) young person interested in security. I’ve decided to share it here based on the policy discussions raised during the recent Senate Intelligence Committee hearing on the Solar Winds incident. tl;dr My main thesis was that the overall security posture…
Quick Post: Mummy Spider Delivers Emotet Maldocs for the Holidays
Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections cost state…
Analysis of Valak Maldoc
Summary The Valak malware variant appears to be an emerging threat due to an increased volume of campaign activity by its operators. Besides its relative newness, Valak is also noteworthy for a few of its other operational aspects such as an interesting execution chain and some unconventional tactics leveraged in the VB macro script of…
New Obfuscation Techniques in Emotet Maldocs
Summary Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections…
Quick Post: Analyzing Maldoc with “Do While” Loop in VBA Downloader
Summary Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that…
Analysis of a New Emotet Maldoc with VBA Downloader
Summary Emotet is a modular delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet…
Good Domains for Bad Guys: The Riskiest TLDs for Malware and Phishing
read time = 10 minutes Summary Domain names are strings that define an association to an Internet Protocol (IP) resource. They may represent any website, server, or client host attempting to communicate via the internet. Anyone using the internet encounters them everyday as they are simply the letters that come after the [dot] in an…
A Quick Look at Emotet’s Updated JavaScript Dropper
Summary Emotet is an advanced, modular downloader that primarily functions as a dropper of other opportunistic malware variants. Emotet continues to be among the most widely distributed and destructive malware variants affecting organizations throughout the private and public sectors. In a previous joint Technical Alert, US-CERT identified that Emotet infections have cost organizations up to…