Author Michał Praszmo
  • 18 February 2020 Michał Praszmo #analysis #malware #emotet

    What’s up Emotet?

    What’s up, Emotet? Emotet is one of the most widespread and havoc-wreaking malware families currently out there. Due to its modular structure, it’s able to easily evolve over time and gain new features without having to modify the core. Its first version dates back to 2014. Back then …

  • 19 November 2019 Michał Praszmo #analysis #brushaloader #loader #malware

    Brushaloader gaining new layers like a pro

    Yo dawg, I heard you like droppers so I put a dropper in your dropper. On 2019-11-18 we received a report that some Polish users have begun receiving malspam imitating DHL. In this short article, we’ll take a look at the xls document that has been used as …

  • 05 February 2019 Michał Praszmo #botnet #malware #trickbot #trojan

    Detricking TrickBot Loader

    TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately, researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. But in this article we will not focus …

  • 18 July 2018 Michał Praszmo #analysis #malware #smokeloader

    Dissecting Smoke Loader

    Smoke Loader (also known as Dofoil) is a relatively small, modular bot that is mainly used to drop various malware families. Even though it’s designed to drop other malware, it has some pretty hefty malware-like capabilities on its own. Despite being quite old, it’s still going strong, recently …

  • 29 September 2017 Michał Praszmo #analysis #malware #ramnit

    Ramnit – in-depth analysis

    If we look at Ramnit’s history, it’s hard to pin down exactly which malware family it actually belongs to. One thing is certain: it’s not a new threat. It emerged in 2010, transferred by removable drives within infected executables and HTML files. A year later, a more …


The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.
