-
#Emotet DOCX files launch powershell.exe with BASE64 parameter, which is merged from (amongst other) document's variables, that are not part of the VBA itself. How to dump these variables? Cc @DidierStevens Sample: 9CC6AE3B001A67E54C8DD44B998B2ADD0F7E0D3DA5DEA3EBDCDA12F4DCCD5136 pic.twitter.com/84J5X2JKI8
-
Two part blog post about #emotet modules. The first part gives an overview of the modules in general and how the payload encryption of wrapper modules (e.g. the ones comprising WebBrowserPassView or MailPassView) works. https://www.telekom.com/en/blog/group/article/cybersecurity-dissecting-emotet-part-one-592612 …
-
#Trickbot ITW is now using a brand new #UACBypass for Windows 10 machines: wsreset.exe uac bypass. #Emotet More info here: https://lolbas-project.github.io/lolbas/Binaries/Wsreset/ … https://www.activecyber.us/activelabs/windows-uac-bypass … pic.twitter.com/FR9ekFKPO1
-
#emotet Sometimes makes mistakes... Here's their filename generation regex... pic.twitter.com/LIkQSjpJJJ
-
Interested in learning how to debug macros or learn more about the structure of user forms? In my latest video, I show you how to use the Office IDE to debug a recent #emotet #maldoc https://youtu.be/xcRPhm5iRdo pic.twitter.com/ALBIp7wq2Q
-
#Emotet gets ready for #Tax season with malicious #W9 forms https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/ …
-
Current #emotet Epoch 1 C2 endpoints https://pastebin.com/dsNCQtYQ
-
Check out how CST Responds to an #emotet attack! Is your #network secure? https://lnkd.in/em6ukpp
-
#emotet E1 template this morning product_notice pic.twitter.com/PsJIItQstx
-
#Emotet AAR for 2020/02/04: No malspam received here today but other trustworthy sources say today was a moderate day. Seeing more annoying Medical report reply chain spam. Also big events going on and interesting findings from the Cryptolaemus team. Hopefully more deets soon. TT https://twitter.com/Cryptolaemus1/status/1224955981345558529 …
-
New #emotet Epoch 3 urls //ga-partnership.com/wp-admin/d0i-2eeblx-9930/ //linkgensci.com/resource/c3eu4q3-b5w2h61rdb-8197/ //baakcafe.com/wp-content/mhkrxe-d2h032l6-5086928236/ s://wieland-juettner.de/tmp/gchr0th5-k14id-888563939/ s://apo-alte-post.de/layouts/pdtCNPBN/
-
few recent #emotet using #MPRESS #packer as outer layer pic.twitter.com/9wAoTYU75o
-
#Emotet #trickbot My new favorite folder. Nice to know someone tracks my time. pic.twitter.com/bzw0N2hcCM
-
Emotet Gets Ready for Tax Season With Malicious W-9 Forms https://www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/ … "This week, the Japan CERT released a new tool called EmoCheck that lets you easily check if a computer is infected with Emotet."
#Emotet
-
New #emotet Epoch 2 urls //faro-master.ru/wp-includes/wzx/ //blog.adpubmatic.com/cgi-bin/v0/ //www.40ad.com/tmp/AQA/ //anaracademy.ir/wp-includes/Gcp2mV/ s://procast.nl/wp-admin/uz/
-
Spam disguises itself as party invites, invoices, voice mails, even invites to a Greta Thunberg event. Make sure your employees are aware of threats, but always have a backup plan. Protect your network at http://hillstonenet.com http://bit.ly/2O4xcpU #emotet #spam pic.twitter.com/TB9Y6pm4ZD
-
New #emotet Epoch 3 urls //medical.hsh-bh.com/wp-admin/4xmE1404/ s://elifehotel.com/cgi-bin/hzdXtyh/ //ceylongems.konektholdings.com/test/f01D/ s://bankingdb.com/blog/eA/ //modahub.site/wp-admin/Ccq569913/
-
#Emotet #trickbot Also thought it's interesting that my lab environment saw Emotet/TrickBot going ham until 07:00am then it dropped off. Thing is it's very much still running and can be seen in the processes. Is it trying to hide? pic.twitter.com/zHBWxJaRfy
-
#Emotet #trickbot For anyone looking to blacklist something. TrickBot created the task. pic.twitter.com/p1Yxbd5QIW
E4 emerging? We are still attempting to confirm, more details soon! E1 ~124, E2 ~ 121, E3 ~ 71. TT