BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
BTC $65266.0064
ETH $3170.2759
BNB $579.9567
SOL $151.5810
stETH $3170.3792
XRP $0.5307
DOGE $0.1622
TON $6.2152
ADA $0.5047
AVAX $37.5087
wstETH $3690.1011
WBTC $65350.8728
DOT $7.1858
WETH $3168.2550
TRX $0.1112
BCH $512.3933
LINK $14.9136
MATIC $0.7262
ICP $15.2978
UNI $7.8248
LTC $85.1449
DAI $1.0008
RNDR $9.1190
CAKE $2.9399
IMX $2.1935
STX $2.8650
ETC $27.9082
FDUSD $0.9998
MNT $1.2003
NEAR $6.3271
FIL $6.6129
OKB $55.7832
HBAR $0.0909
TAO $475.1056
VET $0.0423
WIF $3.0785
ATOM $8.6865
MKR $3070.6157
KAS $0.1185
FET $2.4759
GRT $0.2860
INJ $29.1371
PEPE $0.0000
USDE $0.9998
XLM $0.1150
THETA $2.2569
XMR $121.6010
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Emotet operators launched a campaign in Microsoft Office


    The Cryptolaemus research group, set up to combat Emotet malware, said that Emotet operators launched a malicious campaign using emails.

    Emotet is malware distributed through phishing campaigns containing malicious Excel or Word documents. When the user opens a document and activates macros, Emotet is loaded into memory.

    Once downloaded, the malware steals emails for use in future campaigns and drops additional payloads such as Cobalt Strike or other malware that typically leads to ransomware attacks.

    The discovered campaign uses attachments intended for users around the world, in different languages ​​and with different file names, impersonating invoices, scans, electronic forms, and other bait.

    The Emotet campaign uses an Excel attachment template that contains instructions for bypassing Microsoft Protected View.

    When a file is downloaded from the Internet, Microsoft adds a special Mark-of-the-Web (MoTW) flag to the file. When opened, a MoTW-flagged document opens in Protected View, preventing macros that install malware from running.

    However, in the Emotet attachment, the operators indicated instructions for users to copy the file to the trusted "Templates" folders. This allows attackers to bypass Microsoft Office Protected View. When opening a document from the Templates folder, macros are also launched that download the Emotet malware.

    Emotet is loaded as a DLL into several randomly named folders in the "%UserProfile%\AppData\Local" folder. The macros then run the DLL with the legitimate "regsvr32.exe" command.

    Once downloaded, the malware runs in the background and connects to the C&C server to receive further instructions or install additional payloads.

    Author DeepWeb
    The largest exchange of crypto-currency options has been hacked
    What is the difference between alpha-PVP and MDPV?

    Comments 0

    Add comment