Skip to main content


Showing posts from April, 2019

Major update: Emotet C2i Apr 2019

Emotet has updated the C2 comms in the latest release, going for URIs instead of IPs (root). Here’s a complete list of the current campaign: Emotet C2i:

Trickbot — a concise treatise

Post-execution scope of impact and threatscape details of a sophisticated malware First Edition, April 2019 Vishal Thakur Introduction S ince its initial release, Trickbot has been an advanced, modular malware, built on complex, well-written code and backed by continuous improvement and on-going development. The modular structure of the code is the most important part of this malware. Other than giving it a clearly defined and segmented flow, it allows the authors to have the ability to add new modules with new purposes to the existing malware, which they have been doing regularly throughout the history of the malware. Trickbot is a beautiful piece of code, used for malicious purposes. Technical analysis of this malware has been published throughout its existence in the wild and there are some good, detailed publishings that are available on the internet that go into great technical details regarding the inner workings of the code and flow of Trickbot. Here’s one of my earl