The never-dying #Emotet is back, and aside from our report on it, I feel like there needs to be a further explanation on the undergoing efforts of stopping it. Enjoy the video and our new report 🙃

~2k samples, top abused processes via malicious LNK files, make sure susp cmd.exe and powershell.exe are properly covered

Nice thread on AsyncRat showcasing current capabilities and hunting for default configuration attributes👏

NEW VIDEO 📽️ #Malware Theory - Intro to #Packers and #Unpacking

Not sure what a packer is? 🤔

Let me show you! 🥳🎉

✅ Packer Heuristics
✅ Common Injection Techniques
✅ Relocation Table
✅ Analysis Considerations
✅ Commercial Packers

Enjoy! 😘

youtube.com/watch?v=6aik01…

There’s a new kid on the block. I haven’t named the baby yet, but it already roars 😆 🤩 😍

Checkout our reporting The DFIR Report for related intrusion cases:

thedfirreport.com/category/icedi…

and follow the below amazing folks to stay on top of all the changes related to IcedID:

James
Myrtus
Max_Malyutin
proxylife
Joseph Roosen
Kelsey
Brad

This is another pretty neat LOLBin. Nice find.

I added a sigma rule to my repo to cover this method.

github.com/tsale/Sigma_ru…