Malware analysis: decoding Emotet, part 2

Credit to Author: Vishal Thakur | Date: Thu, 07 Jun 2018 15:00:00 +0000

In part two of our series on decoding Emotet, we analyze the PowerShell code flow and structure. We also reconstruct the command-line arguments—for fun!


The post Malware analysis: decoding Emotet, part 2 appeared first on Malwarebytes Labs.


Now you see me: Exposing fileless malware

Credit to Author: Windows Defender ATP | Date: Wed, 24 Jan 2018 14:00:21 +0000

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last year's major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains. The idea behind fileless malware is simple: If tools already exist on a device


Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Credit to Author: Windows Defender ATP | Date: Mon, 04 Dec 2017 14:00:07 +0000

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for living off the land, staying away from the


Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity

Credit to Author: Malwarebytes Labs | Date: Wed, 27 Sep 2017 01:06:51 +0000

In this post, we take apart a clever set of scripts used in a targeted attack against the government of Saudi Arabia.


Elaborate scripting-fu used in espionage attack against Saudi Arabia Government

Credit to Author: Malwarebytes Labs | Date: Wed, 27 Sep 2017 01:06:51 +0000

In this post, we take apart a clever set of scripts used in a targeted attack against the government of Saudi Arabia.


Learning PowerShell: basic programs

Credit to Author: Pieter Arntz | Date: Fri, 04 Aug 2017 18:00:35 +0000

In this last part of the short series about the basics of PowerShell, we assemble a small script from scratch and explain how it works.


Learning PowerShell: some basic commands

Credit to Author: Pieter Arntz | Date: Tue, 01 Aug 2017 15:00:12 +0000

We are going to construct some basic PowerShell commands and explain how they work, just to show you how useful PowerShell can be. For good and for bad.


A week in security (July 10 – July 16)

Credit to Author: Malwarebytes Labs | Date: Mon, 17 Jul 2017 19:43:31 +0000

A compilation of security news and blog posts from the 10th of July to the 16th. We go over our PowerShell, an overview of the Petya ransomware family, and more.
