#emotet — Public Fediverse posts

Hackergruppe soll 170 Cyberangriffe verübt haben | Security https://www.heise.de/news/Hackergruppe-soll-170-Cyberangriffe-veruebt-haben-10484311.html #Malware #Ransomware #Trickbot #Emotet #Ryuk #WizardSpider

20 Jahre #Melani: Die grössten Fälle - inside-it.ch https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219 #Hacking #CyberCrime #Malware #Ransomware #DDoS #log4j #HeartBleed #Emotet #NotPetya #Stuxnet #WannaCry

🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏

As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.

👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/

#OperationENDGAME

Financial cyberthreats in 2023 – Source: securelist.com https://ciso2ciso.com/financial-cyberthreats-in-2023-source-securelist-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Financialmalware #Financialthreats #MicrosoftWindows #SpamandPhishing #Windowsmalware #GoogleAndroid #MobileMalware #Mobilethreats #securelistcom #Publications #TrojanBanker #Phishing #Emotet #QakBot #fraud

#emotet seems to be back https://www.trellix.com/en-us/about/newsroom/stories/research/icymi-emotet-reappeared-early-this-year-unfortunately.html?eid=6D51GUQV&smcid=LNO&utm_campaign=employee&utm_source=employee&utm_medium=organic&blaid=5042057 - #securiy - I know its 2 weeks old

Introducing the newest major @tidalcyber TTP intelligence content roundup, the Initial Access & Malware Delivery Landscape matrix, now live in our free Community Edition platform: https://app.tidalcyber.com/share/43836024-a194-4ac7-9659-b51e88632e7f

The matrix covers 25 major & emerging #malware typically used to gain early footholds in victim environments, often leading to ingress of more impactful threats, especially #ransomware, #infostealers, cryptominers, & more. It includes many recognizable names (#QakBot, #IcedID, #Emotet, #Bumblebee, #Gootloader) plus several newer and less-discussed threats

The matrix includes 13 custom Technique Sets for threats not currently tracked in the #mitreattack knowledge base. All technique references derive from a large volume of recent, public #threat reporting (click the labels in the ribbon at the top of the matrix to view relevant source URLs for each threat)

An interactive link analysis visualization of connections among these threats, also derived from public reports, is also available here: https://onodo.org/visualizations/235067/

Community Edition matrices support easy identification of shared (and outlier) techniques among multiple threats, and quick & easy overlay or pivoting to defensive & offensive security capabilities relevant to your own #security stack. We’ll have a blog out soon reviewing our analysis of top & trending techniques common among these initial access threats

Tidal’s #Adversary Intelligence team remains focused on providing up-to-date #TTPintelligence, especially around traditionally under-represented yet widely relevant threats like crimeware. Other popular matrices in this theme include our Ransomware & Data Extortion Landscape matrix (https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a) and Major & Emerging Infostealers matrix (https://app.tidalcyber.com/share/ec62f5e0-bd40-476b-a560-7ad2779ea9e3), which each cover 20+ threats

Financially motivated adversaries often display a rapid pace of #TTP evolution, and this is especially apparent for #initialaccess threats. Register for our webinar on May 31 dedicated to TTP evolution, its drivers, and discussion around what defenders can do to address it and its implications: https://hubs.la/Q01NC23k0

#SharedWithTidal #threatinformeddefense #malware #infostealer #cryptominer #IAB #blueteam #detectionengineering #purpleteam #cyber

URLhaus is operational for over 5 years, notifying hosting providers + network operators about malware hosted in their network 🪲 It's a shame that some hosting providers ignore abuse reports, spreading malware for over four years 🤯

Here's our current 💩-list 👇

AS38841 kbro 🇹🇼, spreading #hajime:
🌐 https://urlhaus.abuse.ch/url/86646/

AS23520 Columbus Networks 🇧🇸, spreading #hajime:
🌐 https://urlhaus.abuse.ch/url/91891/

AS29873 Newfold Digital 🇺🇸, spreading #FormBook:
🌐 https://urlhaus.abuse.ch/url/117832/

AS58955 Bangmod 🇹🇭, spreading #Emotet:
🌐 https://urlhaus.abuse.ch/url/200073/

Discovering An Unknown Infrastructure | ONYPHE
#Emotet #OpenResty
https://beta.onyphe.io/docs/use-cases/discovering-an-unknown-infrastructure

Get up to speed on the week's infosec news before another week in the trenches:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05

Last week's patch Tuesday had SmartScreen bypasses and the Ping of Death, but nothing could beat the #Outlook zero-click credential leak that #Microsoft patche-er, uh, wait, no not quite patched - turns out you can still abuse it locally to harvest NTLM credentials, yikes!

Non-transitive trusts have one job - to enable cross-domain authentication between only the two domains that maintain it. Turns out, that's not the case - you can actually pivot between domains and forests, authenticating to Services well outside the intended scope of the trust. And Microsoft aren't going to fix it.

#Emotet have realised in week two of their return that there's more to life than Macros, and have joined in the abuse of #OneNote files to deliver their lures.

In the world of ransomware, #BianLian have opted to focus on exfil-and-extortion campaigns, after Avast released a pesky decryptor for their ransomware in January this year. #CISA have opened their books and shared a detailed profile on #LockBit 3.0's favoured TTPs and tooling that's worth a read.

#Google TAG have ousted Microsoft taking the easy way out in their previous patch of a SmartScreen bypass, opting to issue a half-baked patch that the #Magniber ransomware crew quickly circumvented, enabling them to deliver over 100,000 malicous lures unencumbered by the now-patched security control.

If you're running Adobe's ColdFusion, Aruba ClearPass, or SAP software - you're going to want to make sure you caught and patched these vulnerabilities that debuted last week.

#Redteam members have a new and improved AD lab environment to play in, as well as new evasion techniques for remote shells and macros to add to the toolkit!

Offensive Security have a gift for the #blueteam in the defensive Kali Purple distro, and we've caught a bunch of awesome write-ups to help in scaling Detection Engineering and mitigating common initial access vectors.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #patchtuesday #adobe #ColdFusion #Aruba #ClearPass #SAP #Kali

Our Malware study for the calendar year 2022 is out!

Headline: Interisle reports that malware hosting activity in 2022 was most intense in China, India and United States

Information stealing and ransomware continue to rise, as does misuse of cloud and file sharing services for malware distribution. Also...

• Endpoint malware activity increased 50% over 2021. The Quackbot banking trojan was the most reported endpoint malware.

• IoT malware activity decreased in 2022. Mozi IoT malware reporting sharply declined in early 2022 but showed signs of renewed activity in 4Q 2022.

• 60% of reports identified malware that attacks or probes legitimate web sites. Nearly two-thirds of the reported probes were vulnerability scanners. PHP forum spammers accounted for one-third of attackware reported.

• The use of domain names in malware URLs grew sharply. Interisle found a 121% increase in the use of domain names in 4Q 2022.

• Attackers continued to exploit file sharing services and code repositories to distribute malware.

https://www.einpresswire.com/article/621395330/interisle-reports-that-malware-hosting-activity-in-2022-was-most-intense-in-china-india-and-united-states?r=paDW4MBm7CwDE0LM0l

#malware #cybercrime #quackbot #gafgyt #emotet #attackware

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you hand - catch up on the week’s infosec news with the latest issue of our newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with tier tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.

A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.

#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;

The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you hand - catch up on the week’s infosec news with the latest issue of our newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with tier tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.

A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.

#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;

The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you hand - catch up on the week’s infosec news with the latest issue of our newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with tier tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.

A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.

#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;

The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you hand - catch up on the week’s infosec news with the latest issue of our newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with tier tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.

A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.

#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;

The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you hand - catch up on the week’s infosec news with the latest issue of our newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#Emotet are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with tier tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph #Android Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging #Microsoft #InTune to deliver payloads and an in-memory dropper to abuse the #BYOVD technique and evade EDR solutions.

A joint investigation by #Mandiant and #SonicWall has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by #Fortinet this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

#HiatusRAT is a novel malware targeting #DrayTek routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent #BatLoader and #Qakbot campaigns are also worth taking note of, as is #GoBruteforcer, a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the #Veeam vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the #VMWare Cloud Foundation product in the last two months, so make sure you’re patched against it.

#Redteam members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines #CobaltStrike’s reflective loading capability;

The #blueteam has some great tradecraft tips from @inversecos on #Azure DFIR, as well as tools to help scan websites for malicious objects, and to combat the new #Stealc #infostealer and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-09e?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #mdm #dprk #FortiOS #FortiProxy

The prolific #Emotet malware - tracked under the actor #MummySpider and #TA542 - is back after a 3 month break, delivering inflated (~500MB) macro-enabled Word documents via invoice-themed Phishing emails.

https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/

The Word documents are contained in a password protected archive, and once opened and the malicious content is enabled, will download the Emotet payload - a similarly bloated dll file, designed to bypass automated scanning solutions that typically can't process large files.

Malware analyst Max Malyutin has a great summary of the ATT&CK techniques and IOCs seen in this campaign so far: https://twitter.com/Max_Mal_/status/1633102894328168448?t=Kn9N3dUIcqul_TTCu1aqzQ&s=19

Analysts may find debloat - a tool that strips guff from intentionally bloated executables - useful in processing samples: https://github.com/Squiblydoo/debloat

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #security #technology #malware #soc #threatintel #threatintelligence #phishing

RT @EC3Europol: 🎯 #DoppelPaymer #ransomware targeted organisations, critical infrastructure & industries.

🔓 It used a unique tool capable of compromising defence mechanisms by terminating the security-related process of the attacked systems.

The attacks were enabled by the #EMOTET malware.

🐦🔗: https://n.respublicae.eu/enisa_eu/status/1633044286412316675

In November, 2022 the most observed payload distributed through malware sites was #Amadey followed by #AgentTesla 🔥

Having a look at unique malware sites reported to URLhaus, we see #Emotet being at the very top of our ranking ⏫

Read more in our monthly malware digest:
👉 https://t.co/4Yg710BJa2

🗃️ Emotet

• Emotet Being Distributed Using Various Files
  🔗 https://asec.ahnlab.com/en/34556/

• Emotet DLL Part 2: Dynamic Analysis
  🔗 https://www.atomicmatryoshka.com/post/emotet-dll-part-2-dynamic-analysis

• Emotet Moves to 64 bit and Updates its Loader
  🔗 https://blogs.vmware.com/security/2022/05/emotet-moves-to-64-bit-and-updates-its-loader.html

• Emotet x64 Stack Strings Config Emulation
  🔗 https://research.openanalysis.net/emotet/emulation/config/dumpulator/malware/2022/05/19/emotet_x64_emulation.html

• Since its return in November 2021, Emotet has once again become one of the most prolific malware families.
  🔗 https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/

• The Resurgence of the Emotet Botnet Malware
  🔗 https://www.trendmicro.com/en_us/research/22/e/bruised-but-not-broken--the-resurgence-of-the-emotet-botnet-malw.html

#microsoft #malware #feodo #cyber #emotet #mealybug #mummyspider #ta542 #botnet #emulation #geodo #threats #x64 #windows #loader #informatique

Conti’s Ransomware Toll on the Healthcare Industry https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/ #HealthcareInformationandManagementSystemsSociety #U.S.Cybersecurity&InfrastructureSecurityAgency #HealthInformationSharing&AnalysisCenter #Ne'er-Do-WellNews #ALittleSunshine #Ransomware #ErrolWeiss #proofpoint #microsoft #Emsisoft #Zloader #Emotet #H-ISAC #sophos #Conti #Ryuk #fbi

📬Lesetipps: Boomer-Politik, TikTok trackt, ein Horcrux, Emotet zerschlagen?📬 https://tarnkappe.info/lesetipps-boomer-politik-tiktok-trackt-ein-horcrux-emotet-zerschlagen/ #Sicherheitslücke #DanielaLudwig #Datenschutz #Privatspäre #Lesetipps #Emotet #signal #TikTok

📬Emotet is back: weihnachtliche Rückkehr mit neuen Taktiken📬 https://tarnkappe.info/emotet-is-back-weihnachtliche-rueckkehr-mit-neuen-taktiken/ #Malwarebytes #Proofpoint #TrendMicro #BradHaas #Hacking #Cofense #Emotet