
CryptOne
A packing software called CryptOne became popular among some major threat actors. It was first reported by Fox-IT that the group behind Wastedlocker has begun using it, as well as Netwalker, Gozi ISFB v3, ZLoader, Emotet, Dridex, and Smokeloader.
Additional Resources
External Links
- A Deep Dive into Packing Software CryptOne
- GitHub - Tera0017/de-CryptOne: Python 3 script unpacking statically x86 & x64 CryptOne packer. CryptOne versions: ~2020/01 until ~2021/04