Cisco Blogs

Matryoshka Doll Reconnaissance Framework

January 27, 2017

This post was authored by David Maynor & Paul Rascagneres with contributions from Alex McDonnell and Matthew Molyett.


Overview

Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow: it performs reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, and it carries out exploitation through a non-embedded Flash payload. This document targeted NATO members in a campaign during the Christmas and New Year holiday. Based on the file name, Talos researchers assume that the document targeted NATO member governments. This attack is also notable because the payload was swapped out for a large amount of junk data, which was designed to create resource issues for some simplistic security devices.
