Tag #analysis
  • 29 September 2017 Michał Praszmo #analysis #malware #ramnit

    Ramnit – in-depth analysis

    If we look at Ramnit’s history, it’s hard to pin down exactly which malware family it actually belongs to. One thing is certain: it’s not a new threat. It emerged in 2010, spread by removable drives within infected executables and HTML files. A year later, a more …

  • 30 May 2017 Jarosław Jedynak #analysis #malware #ransomware #tools

    Mole ransomware: analysis and decryptor

    Mole is an almost month-old ransomware (so it’s quite old from our point of view) that was distributed mainly through fake online Word docs. It’s a member of the growing CryptoMix family, but the encryption algorithm was completely changed (…again). We became interested in this variant after victims contacted …

  • 24 May 2017 Paweł Srokosz #analysis #emotet #botnet #dhl #malware #trojan

    Analysis of Emotet v4

    Introduction: Emotet is a modular Trojan horse, first noticed in June 2014 by Trend Micro. This malware is related to other types like Geodo, Bugat or Dridex, which researchers attribute to the same family. Emotet was discovered as an advanced banker: its first campaign targeted …

  • 18 January 2017 Jarosław Jedynak #analysis #evil #malware #ransomware

    Evil: A poor man’s ransomware in JavaScript

    Introduction: Evil was initially brought to our attention by an incident reported on 2017-01-08. At that time the Internet was completely silent on this threat and we had nothing to analyze. We found the first working sample a day later, on 2017-01-09. In this article we will briefly summarize our analysis and …

  • 04 January 2017 Jarosław Jedynak #analysis #cryptfile2 #cryptomix #malware #ransomware

    Technical analysis of CryptoMix/CryptFile2 ransomware

    Campaign: CryptoMix is another ransomware family that tries to earn money by encrypting victims’ files and coercing them into paying the ransom. Until recently it was better known as CryptFile2, but for reasons unknown to us it was rebranded and is now called CryptoMix. It was observed in …

  • 16 September 2016 Adam Krasuski #analysis #malware #tofsee

    Tofsee – modular spambot

    Tofsee, also known as Gheg, is another botnet analyzed by CERT Polska. Its main job is to send spam, but it is able to do other tasks as well. This is possible thanks to the modular design of this malware – it consists of the main binary (the one the user downloads …

  • 02 September 2016 Adam Krasuski #analysis #malware #necurs

    Necurs – hybrid spam botnet

    Necurs is one of the biggest botnets in the world – according to MalwareTech there are a couple of million infected computers, several hundred thousand of which are online at any given time. Compromised computers send spam email to a large number of recipients – usually the messages are created to look like …

  • 01 August 2016 piotrb #analysis #dark space #DFT

    Network traffic periodicity analysis of dark address space

    Network traffic directed to the dark address space of the IPv4 protocol can be a good source of information about the current state of the Internet. Although no packets should be sent to such addresses, in practice various traffic types can be observed there, for example echoes of Denial of …

  • 17 May 2016 mak #analysis #malware #kbot

    Newest addition to a happy family: KBOT

    At the beginning of May here in Poland we have a couple of free days: 3rd May is Constitution Day, and 1st May is Labour Day. Most of us use those days to unwind after winter, but some malware authors apparently didn’t: a few weeks ago, our friends started …

  • 10 November 2015 CERT Polska #analysis #malware #dridex

    Talking to Dridex (part 0) – inside the dropper

    Intro: Dridex mostly comes to us as spam containing a .doc with macros responsible for downloading a dropper. One can quickly analyze it using oledump.py and looking through the VBScript, or, naturally, just run it in a sandbox and obtain the dropped files. CFG extraction: After …
