[clamav-users] Looks like we've gotten a new variant of Emotet getting through...
max
mn at sbg.at
Mon Dec 21 20:34:12 UTC 2020
hi eric,
On 21.12.20 at 17:59, eric-list at truenet.com wrote:
> Sorry to bother, but do you guys want raw emails or just the payload
> Word Docs?
>
> I just sent payloads, since they are real emails with responses and a
> virus attached.
this is pretty useless as clamav's reporting process is far too slow or
is not made for rapidly changing attack vectors used by emotet (never
saw clamav hits with default signatures enabled on the last big emotet
waves on my side, maybe different somewhere else).
for hunting emotet you can report to sanesecurity where steve and his
team are taking care and use their 3rd-party signatures. and/or use
urlhaus (driven by abuse.ch) 3rd-party signatures fed by lots of
(emotet) malware hunters floating around on
https://twitter.com/cryptolaemus1 - all of them doing a great job here.
btw - lots of vulnerable/unpatched wordpress installs involved as
always, may be related to fresh CVE-2020-35489
https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/
regards
max
> I can however scrub the raws and send a few of those as well.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300