Research
PrecisionSec Blog
Malware research, campaign tracking and analysis from the threat intelligence team.
Introducing PrecisionSec MISP Feeds
Announcing PrecisionSec's MISP feeds: enriched, correlated IOCs for Emotet, Trickbot and dozens of active malware families with MISP Galaxy context.
Emotet Resumes Operations, Distributes Malicious PDF Files
Emotet resumed with a novel PDF delivery technique in November 2018: analysis of the campaign TTPs, infrastructure reuse and sample IOCs.
Dridex Delivered by Malicious PDF Files
The Dridex banking trojan actors switched tactics again, distributing botnet 7200 via PDF files that link to macro-enabled documents which download the final payload.
Locky Actors Adopt QTLoader to Deliver Ransomware
Analysis of QTLoader, the new downloader adopted by Locky ransomware actors in October 2017, featuring process hollowing via svchost.exe and anti-analysis checks.
Locky Ransomware Actors Adopt DDE Technique to Deliver Malware
Technical analysis of the Locky ransomware campaign that adopted Microsoft Word's DDE protocol to execute malicious PowerShell without macros, first observed October 19, 2017.