Cisco Blogs

Visualizing a String of Paerls


October 2, 2014 - 2 Comments

Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicious Word document attachment. Upon opening the Word attachment, a macro downloaded and launched an executable on the victim’s machine, which then called out to command and control servers.

In the graphic below you can see an illustration of each of the major steps of the attack. A common thread is that Cisco security provides protection against attacks like this one using the approach of integrated threat defense. Specifically, Advanced Malware Protection tools were used throughout the discovery and analysis process to expose the exploit.

[Graphic: the major steps of the String of Paerls attack]

For a complete play-by-play of this attack, read the String of Paerls blog post from Talos. For more about integrated threat defense in our products, see the new Cisco ASA with FirePOWER Services.




2 Comments

  1. An excellent step-by-step research with detailed information. Thank you for sharing this key note.

  2. Brian can you email me @ jthomas@area-networks.com please regarding this slide.