Discover and read the best of Twitter Threads about #signalsharing

One of the biggest spam campaigns today is Emotet distributing malicious documents that use WMI to run a PowerShell script that downloads the Emotet payload from 5 URLs. Emotet has been using this technique for a while; it might be proving effective as it’s still being actively used.
The campaign we saw today uses the typical “past due invoice” emails. The attachment is a document that says “You must have Office 365 admin permissions” to trick recipients into enabling the macro, which then runs a WMI command to launch the PowerShell download code.
Office 365 ATP detects these documents attached to emails. On endpoints, Microsoft Defender ATP detects the documents and Emotet payloads using protections that are enriched by signals from Office 365 ATP. #signalsharing #machinelearning #MicrosoftThreatProtection @MicrosoftMTP
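
A defender-side triage rule for the chain the thread describes (macro runs a WMI command, which launches PowerShell), added here as an example; it is not part of the thread and not how Office 365 ATP or Microsoft Defender ATP detect it. It assumes Sysmon-style process-creation fields and relies on WMI-created processes appearing as children of WmiPrvSE.exe; the events, the `.invalid` hosts and the `@` URL separator are constructed.

```python
import base64
import re

# Added example. Field names follow Sysmon Event ID 1 (process creation).
URL_RE = re.compile(r"https?://[^\s'\"@,;)]+", re.I)  # '@' treated as a list separator (assumption)
ENC_RE = re.compile(r"(?<!\S)-(e[a-z]*)\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)
DOWNLOAD_HINTS = ("net.webclient", "downloadfile", "invoke-webrequest")
PS_HOSTS = ("powershell.exe", "pwsh.exe")

def expand_command(cmdline):
    """Append the decoded body of any -EncodedCommand argument (any prefix such as -e or -enc)."""
    out = cmdline
    for m in ENC_RE.finditer(cmdline):
        if not "encodedcommand".startswith(m.group(1).lower()):
            continue
        try:
            out += " " + base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except ValueError:  # covers bad base64 and bad UTF-16
            pass
    return out

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def triage(event):
    """Return a finding if PowerShell was spawned by the WMI provider host, else None."""
    if basename(event["ParentImage"]) != "wmiprvse.exe" or basename(event["Image"]) not in PS_HOSTS:
        return None
    text = expand_command(event["CommandLine"])
    urls = sorted(set(URL_RE.findall(text)))
    hints = [h for h in DOWNLOAD_HINTS if h in text.lower()]
    return {"severity": "high" if urls and hints else "medium", "urls": urls, "hints": hints}

# Constructed sample events; hosts use the reserved .invalid TLD and the script is inert.
_WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_SCRIPT = "$u='http://one.example.invalid/a@http://two.example.invalid/b'.Split('@') # Net.WebClient loop omitted"
SAMPLE_EVENTS = [
    {"ParentImage": _WMI, "Image": _PS,
     "CommandLine": "powershell -w hidden -enc " + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode()},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": _PS, "CommandLine": "powershell -NoProfile Get-ChildItem"},
    {"ParentImage": _WMI, "Image": _PS, "CommandLine": "powershell -NoProfile Get-Service"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

The parent/child match alone is rated medium because legitimate management tooling also starts PowerShell through WMI; the decoded URLs and download keywords are what raise it to high.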