Securing the .pl domain

A deeper look at Tofsee modules

Publication date: 19/10/2017, Jarosław Jedynak

Tofsee is a multi-purpose malware with a wide array of capabilities – it can mine bitcoins, send emails, steal credentials, perform DDoS attacks, and more. All of this is possible because of its modular nature. We have already published an article about Tofsee/Gheg a few months ago – https://www.cert.pl/en/news/single/tofsee-en. Reading, or at least skimming, it is probably required [...]

Ramnit – in-depth analysis

Publication date: 29/09/2017, Michał Praszmo

If we look at Ramnit’s history, it’s hard to pin down exactly which malware family it actually belongs to. One thing is certain: it’s not a new threat. It emerged in 2010, spread by removable drives within infected executables and HTML files. A year later, a more dangerous version was released. It contained a part [...]

Mole ransomware: analysis and decryptor

Publication date: 30/05/2017, Jarosław Jedynak

Mole is an almost month-old ransomware (so quite old from our point of view) that was distributed mainly through fake online Word docs. It’s a member of the growing CryptoMix family, but the encryption algorithm was completely changed (…again). We became interested in this variant after victims contacted us asking for a decryptor. Remembering that [...]

Analysis of Emotet v4

Publication date: 24/05/2017, Paweł Srokosz

Introduction: Emotet is a modular Trojan horse, first noticed in June 2014 by Trend Micro. This malware is related to other families such as Geodo, Bugat or Dridex, which researchers attribute to the same family. Emotet was discovered as an advanced banker – its first campaign targeted clients of German and Austrian [...]