MalDoc

June 22, 2020

SECURITY

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]

April 26, 2018

THREAT RESEARCH

GravityRAT – The Two-Year Evolution Of An APT Targeting India

GravityRAT malware has implemented new features, such as file exfiltration, remote command execution capability and anti-vm techniques. Consistent evolution and innovation beyond standard remote code execution is concerning.

October 22, 2017

THREAT RESEARCH

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict

This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura INTRODUCTION Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 […]