Hey there! We have seen plenty of Spam mail campaigns carrying RTF document, which exploits infamous vulnerabilities to compromise end user machines with various malware. Now Let me Ask you something.. Were all the systems in your network patched for CVE-2017-11882, CVE-2017-8759 and CVE-2017-0199? If the answer is NO, you are prone to be compromised with […]
In between the waves of Petya Ransomware-wiper, another serious ransomware were spreading across, The “Karo Ransomware”. The initial vector being spam mails with a document file. The document file is password protected and this malware is Virtualization aware and refuses to run in sandboxes. Once infected Karo encrypts the files with the (.ipygh) extension and it […]
SUMMARY When it comes to Macro Malware, several people try to finish it off with two workarounds, Disable Macro (GPO) and user awareness. That said what if a malicious document doesn’t use Macro codes to do its malicious tasks? What if a document is exploiting a vulnerability to do its malicious activities? That said, Let […]
In my previous blog posts I posted details of cyber attacks targeting Indian Ministry of External Affairs and Indian Navy’s Warship and Submarine Manufacturer. This blog post describes another attack campaign where attackers impersonated identity of Indian think tank IDSA (Institute for Defence Studies and Analyses) and sent out spear-phishing emails to target officials of […]
We have always been curious to know about what goes on inside the state sponsored security agencies like NSA (National Security Agency). Since the agency is known to operate on multiple spying operations in the past for tracking criminals and terrorists, it might sometimes need the use of zero day exploits to get into targeted […]
Hello there! before we begin our journey, spare some time to update the below spyware signature (No detections anywhere) in all your controls, which digests IOCs: MD5 – 68AB498574C0BEAE225A04D04A2571A1 (new variant of spyware) NB: The day was sunny and was analyzing a targeted spam mail and its attached macro malware – normal routine 🙂 But this […]
Text: Audience Level: Beginner to Medium. Few months back we released our new tool APITacker. The idea behind the tool is more mature than the tool itself. Using APITracker we can hook APIs on large scale from DLLs to track the execution of the sample. APITracker is based on pydbg python debugger. Before we move […]
These days, Along with the unforeseen climatic conditions, several unpredictable malware campaigns are also occurring across the connected world. Mostly Offenders are relying on spam mails and the associated malicious Macros, to drop and infect the targeted victims with various other atrocious malware. Studies shows 95% of successful security attacks created by Human mistakes!! Security sensitive […]
Introduction: Sensors were bleeping but still high value assets got compromised, emergency response team was called and asked for the most important question “we have detection technology from five vendors, how is that possible?”. A piece of code bypassed the world’s most innovative technologies for detection on this earth. It is not a simple situation […]
Macro malware are still playing its atrocious activities in the wild, frightening all the sectors around the globe. Latest Spam campaign which flew around GCC countries created a “scary rain” across multiple entities. This spam mail was not targeted only for a particular entity, but extensively across multiple firms in Middle east, anticipating huge number of […]