SentinelOne Vs. Nemucod – Mitigation and Rollback

Watch how SentinelOne mitigates and rolls back Nemucod. The Nemucod family of trojans, which have existed for several years, typically serve as downloaders and/or droppers for additional malicious components. The JSCRIPT-based droppers are associated with a number of ransomware/malware families including TeslaCrypt, Kryptik, ElDorado, Emotet, Ryuk, and countless others. Distribution of these droppers, in the form of obfuscated JSCRIPT, is common, with the scripts themselves often being delivered via phishing/email. JS_Nemucod was utilized heavily as a dropper for Locky ransomware just a few years ago, and often appears in various “Top Malware” frequency lists. Over the years, various ‘mutations’ of Nemucod have appeared, including some which drop executable ransomware payloads directly from the body of the executable.