Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection. Read More HERE…
Read more
Trend Micro Research : Spam
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. Read More HERE…
Read more
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques. Read More HERE…
Read more
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell. Read More HERE…
Read more
Analyzing Email Services Abused for Business Email Compromise Threats Analyst Threat Researcher Threats Analyst Sr. Threat Researcher
We analyzed five major types of email channels, and the techniques in keywords and domain names BEC actors use to appear legitimate to potential victims. Read More HERE…
Read more
APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs Threat Researcher Threat Researcher
In 2019, we wrote a blog entry about a threat actor, known as APT-C-36 or Blind Eagle, targeting entities in Colombia and other South American countries with spam emails. We have continued tracking this threat actor and share our new findings about APT-C-36’s ongoing spam campaign during that monitoring phase. Read More HERE…
Read more
Tokyo Olympics Leveraged in Cybercrime Attack
Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam. Read More HERE…
Read more