Displaying items by tag: powershell

It is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to do its dirty work. Primarily a post-exploitation tool, PowerDrop is leveraged after access is obtained by other means. According to researchers at Adlumin, the tool also seems to focus on information gathering/theft. The attack also used WMI (Windows Management instrumentation) to execute the PowerShell commands which could be a move to living off the land.

Published in News

Yesterday we told you that the gang behind Emotet was looking to used Excel add-ins as a possible new technique to compromise systems as part of their spamming campaigns. The detected techniques were labeled as potentially being part of research and development efforts on the part of the group TA542 due to changes Microsoft is making in Office (and ones many admins already push). The R&D efforts do not stop there though as multiple security research teams are now saying they have identified another new technique associated with Emotet.

Published in Security Talk