admin. windows, linux. cybersecurity and open source enthusiast.
@Gargron I found a bug but can't report via intigriti, what's up with the program?
i'm thinking about hosting one but mailing cost made me not to. what do you use?
i'm interested in collaborating on cybersecurity projects / threat research / etc. hit me up!
#emotet now uses #powershell commands in .lnk files, the string is obfuscated with nulls/blank spaces so the target is not shown
some #Indicatorofcompromise #ioc :
- .ps1 files in %tmp%
- focusmedica[.]in
- demo34[.]ckg[.]hk
- colegiounamuno[.]es
- cipro[.]mx
- filmmogzivota[.]rs
- creemo[.]pl
command for checking %tmp%:
 dir C:\users\%username%\AppData\Local\Temp\*.ps1
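For triaging the shortcut files themselves, an added example (not part of the original post) that parses the StringData section of a `.lnk` file per the [MS-SHLLINK] layout and reports PowerShell references and long blank/null runs in the arguments. The function names, the 16-character padding threshold, the cp1252 fallback and the inert sample built by `build_sample` are assumptions made for this example.

```python
import re
import struct

# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order ([MS-SHLLINK])
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon"))  # StringData order on disk
PAD_RUN = re.compile(r"[\s\x00]{16,}")  # assumption: 16+ blanks/nulls counts as padding


def lnk_strings(data: bytes) -> dict:
    """Parse the StringData section of a Shell Link into {field: text}."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:    # IDListSize (2 bytes) does not count itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:  # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")  # cp1252 assumed
    out = {}
    for bit, field in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # characters, not bytes
            raw = data[pos + 2:pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            out[field] = raw.decode(codec, errors="replace")
            pos += 2 + count * width
    return out


def triage(data: bytes) -> dict:
    """Flag PowerShell references and blank/null padding; only StringData is inspected."""
    fields = lnk_strings(data)
    pad = max((len(m.group()) for m in PAD_RUN.finditer(fields.get("arguments", ""))), default=0)
    ps = "powershell" in " ".join(fields.values()).lower()
    return {"powershell": ps, "longest_padding": pad, "suspicious": ps and pad > 0}


def build_sample(pad: int) -> bytes:
    """Constructed, inert sample: header + relative path + arguments with `pad` blanks."""
    sd = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    header = b"\x4c\x00\x00\x00" + LINK_CLSID + struct.pack("<I", 0x08 | 0x20 | IS_UNICODE) + bytes(52)
    args = "/c" + " " * pad + "powershell Write-Output constructed-sample"
    return header + sd("..\\..\\Windows\\System32\\cmd.exe") + sd(args)
```

To check a real file, pass its bytes to `triage`, for example `triage(open(path, "rb").read())`.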