2017-11-15 Another Malspam Message Leads to New Emotet
2017-11-01 Another Trickbot Maldoc

Looking through the email filters yesterday, I saw numerous emails from the sender “secure@hsbcdocuments.com” with the subject “We need to confirm your details.” The email was a well-laid-out phish with a malicious Word document attached. This Word document led to a Trickbot banking malware infection via the…
2017-10-30 Generic Infostealer Malware Using UAC Bypass

A quick write-up on a generic infostealer that also uses a UAC bypass technique. I could not find much about this malware outside that it was a generic information stealing malware. For some interesting reading on how to bypass UAC within Windows, please see the following links: http://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ http://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/ http://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/…
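As an added triage check (not code from the original post or from the malware write-up), the PowerShell below looks for the registry artifacts left behind by the two enigma0x3 bypasses linked above: the eventvwr.exe technique hijacks the per-user .msc handler under HKCU\Software\Classes\mscfile\shell\open\command, and the Disk Cleanup technique plants a per-user "windir" environment variable that the SilentCleanup scheduled task picks up. Both key paths and the assumption that a clean host has neither value are taken from the linked posts, not from this page.

```powershell
# Added example: quick registry triage for the two UAC-bypass techniques
# linked above. Run in an unelevated PowerShell session on the host being
# triaged; no admin rights are needed to read HKCU.
# Assumptions (from the linked enigma0x3 posts, not from this page):
#   - eventvwr.exe bypass writes HKCU\Software\Classes\mscfile\shell\open\command
#   - Disk Cleanup bypass writes HKCU\Environment\windir
#   - a clean host has neither value present

function Test-UacBypassArtifacts {
    $findings = @()

    # 1) eventvwr.exe bypass: per-user hijack of the .msc file handler.
    #    On a clean system the HKCU mscfile key does not exist at all.
    $mscKey = 'HKCU:\Software\Classes\mscfile\shell\open\command'
    if (Test-Path $mscKey) {
        $cmd = (Get-ItemProperty -Path $mscKey -ErrorAction SilentlyContinue).'(default)'
        $findings += [pscustomobject]@{
            Technique = 'eventvwr.exe mscfile handler hijack'
            Location  = $mscKey
            Value     = $cmd
        }
    }

    # 2) Disk Cleanup (SilentCleanup scheduled task) bypass: a per-user
    #    "windir" variable overrides %windir% when the task's command expands.
    $envKey = 'HKCU:\Environment'
    $windir = (Get-ItemProperty -Path $envKey -Name windir -ErrorAction SilentlyContinue).windir
    if ($windir) {
        $findings += [pscustomobject]@{
            Technique = 'Disk Cleanup / SilentCleanup windir hijack'
            Location  = "$envKey\windir"
            Value     = $windir
        }
    }

    return $findings
}

$hits = Test-UacBypassArtifacts
if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    'No UAC-bypass registry artifacts found.'
}
```

A hit on either key is worth investigating even without a known sample: neither value has a legitimate reason to exist in a standard user profile. Malware that cleans up after itself may remove the key once elevation succeeds, so absence is not proof of a clean host; pair this with the Sysmon registry-event (Event ID 13) logging the linked posts recommend.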
2017-10-03 Nemucod Maldoc Leads to Locky (Ykcol) Infection
2017-08-30 Trickbot Maldoc – Part Two
2017-08-30 Trickbot Maldoc – Part One
2017-08-28 Malspam Leads To Emotet Malware
2017-08-04 Quick Post – Deobfuscating the Javascript from “Blank Slate” malspam Pushing Gryphon Ransomware (A BTCware variant)
Just a quick one for today. I saw Brad’s tweet about a sample of Blank Slate malspam and decided to see if I could find some today while at work. Thankfully the email filters did their job and all of them were blocked. Brad also blogged about this over on…