This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg In late March 2021, Malwarebytes analysts discovered…
Tag: downloader
New version of IcedID Trojan uses steganographic payloads
This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report…
Emotet is back: botnet springs back to life with new spam campaign
After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a…
Trojans: What’s the real deal?
The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for…
Malware analysis: decoding Emotet, part 2
In part two of our series on decoding Emotet, (you can catch up on part 1 here), we’ll cover analysis of…
A week in security (Feb 6th – Feb 12th)
Last week, we gave a shout out to Safer Internet Day, passed around some tips for safe(r) public Wi-Fi use, and…
PUP Friday: Let’s talk generic
The detection name of PUP.Optional.Downloader is probably as non-specific as you can get when it comes to identifying what particular unwanted…
Smoke Loader – downloader with a smokescreen still alive
This time we will have a look at another payload from a recent RIG EK campaign. It is Smoke Loader (Dofoil), a…
From Locky with love – reading malicious attachments
A common way of distributing malware, used e.g. by the Locky ransomware, is downloader scripts. They are spread in massive spam campaigns…