heads up!!!
Sorry for the semi off-topic... but just in case this may help...
Encrypted zip files with dangerous obfuscated macros inside calling our beloved
powershell...
Pedro
Pedro, do you see sigs for it yet? We're seeing a ton of
Doc.Dropper.EmotetRed1220-9816007-0.
Have you submitted a sample to Steve at Sanesecurity and clamav?
Best,
Dave
On 1/13/21 10:39 AM, Pedro David Marco wrote:
Hi all...
sorry for the semi off-topic...
Today Emotet is being sent
Hi all...
sorry for the semi off-topic...
Today Emotet is being sent in an encrypted zip with the password embedded into
an anti-ocr image..
watch out!
-Pedrete
Good day Guys
A thread on the ClamAV mailing list that may be of interest to the community.
https://lists.clamav.net/pipermail/clamav-users/2020-September/009875.html
HTH
Regards
Brent
k about SA scoring politics because we are not directly
involved in the project. What I can say is that we flag legitimate
domains that are abused to distribute malware. For example:
http://drapart[dot]org/Prensa/k0viv68-5v5-2137/
The website itself is legit, but that particular path is hosting E
On Sep 18, 2019, at 3:19 AM, Riccardo Alfieri
wrote:
>
> You are correct, URLhaus domains enter DBL as abused legit malware, but the
> default SA score is not enough to mark the email as spam (and that's correct
> as it checks only the domain).
Since the return code for the domain is specific
On Wed, Sep 18, 2019 at 09:19:17AM +, Riccardo Alfieri wrote:
> On 17/09/19 20:54, Amir Caspi wrote:
>
> >Based on https://feodotracker.abuse.ch/mitigate/, it looks like both
> >Spamhaus DBL and SURBL are fed by URLhaus. Spamhaus returns 127.0.1.105
> >for URLs fed from URLhaus. Doesn't SA a
On 17/09/19 20:54, Amir Caspi wrote:
Based on https://feodotracker.abuse.ch/mitigate/, it looks like both
Spamhaus DBL and SURBL are fed by URLhaus. Spamhaus returns
127.0.1.105 for URLs fed from URLhaus. Doesn't SA already handle
this, then, for URLs it processes, since it uses the DBL?
I
On Sep 17, 2019, at 12:15 PM, John Hardin wrote:
>
> On Tue, 17 Sep 2019, hg user wrote:
>
>> It is a "dumb" rule but the quickest I could create.
>>
>> https://pastebin.com/bxRSds7a
>
> Suggestions:
>
> (1) use a URI rule rather than a BODY rule
>
> (2) escape the periods; you want to match
M Blason R wrote:
If possible please share it here?
On Tue, Sep 17, 2019 at 3:20 PM hg user wrote:
A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1)
and I created a rule... I don't know if it is possible to share (via
pastebin) the rule I created to have feedback f
e, Sep 17, 2019 at 11:59 AM Blason R wrote:
>>
>> If possible please share it here?
>>>
>>> On Tue, Sep 17, 2019 at 3:20 PM hg user wrote:
>>>
>>> A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1)
>>>> and I created a rule... I don't know if it is possible to share (via
>>>> pastebin) the rule I created to have feedback from the experts...
>>>>
>>>>
>>>
>>
>
, Sep 17, 2019 at 11:59 AM Blason R wrote:
If possible please share it here?
On Tue, Sep 17, 2019 at 3:20 PM hg user wrote:
A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1)
and I created a rule... I don't know if it is possible to share (via
pastebin) the rule I
It is a "dumb" rule but the quickest I could create.
https://pastebin.com/bxRSds7a
On Tue, Sep 17, 2019 at 11:59 AM Blason R wrote:
> If possible please share it here?
>
> On Tue, Sep 17, 2019 at 3:20 PM hg user wrote:
>
>> A new emotet campaign is in progress (https
On 17/09/19 11:59, Blason R wrote:
If possible please share it here?
On Tue, Sep 17, 2019 at 3:20 PM hg user <mailto:mercurialu...@gmail.com> wrote:
A new emotet campaign is in progress
(https://twitter.com/Cryptolaemus1) and I created a rule... I
don't know if is
If possible please share it here?
On Tue, Sep 17, 2019 at 3:20 PM hg user wrote:
> A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1)
> and I created a rule... I don't know if it is possible to share (via
> pastebin) the rule I created to have feedback from the experts...
>
A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1) and
I created a rule... I don't know if it is possible to share (via pastebin)
the rule I created to have feedback from the experts...
Good day Guys
A very interesting read I thought I would share with the community.
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
HTH
Regards
Brent Clark