Tag: Maldoc

• Analyzing the Royal Road to Space Pirates

  

  26 May 2022 While the actual blog post has been difficult to access for some, Positive Technologies released research on the Space Pirates APT group that has been spotted intruding on government, IT, and critical infrastructure networks in Russia, Georgia, and Mongolia. Believed to be operating since at least 2019, the Space Pirates group has […]

  Mike

  May 26, 2022

  INFOSEC

  APT, INFOSEC, Maldoc

• Detecting COM Object Tasks Used by DarkHotel

  

  Background Adversaries frequently utilize scheduled tasks, a legitimate Windows operating system utility to establish/maintain persistence and even execute code in a victim network. Scheduled tasks allow for persistence on a victim network between reboots as well as code execution when a certain condition is met (time, user logon, etc.). In this specific example, the adversary […]

  Mike

  March 30, 2022

  INFOSEC

  #APT, #INFOSEC, Maldoc, Malware

• Analysis of njRAT PowerPoint Macros

  

  I wanted to do a quick write-up on an interesting PowerPoint macro document that contains njRAT. njRAT is a .NET trojan first identified in 2013 that has largely targeted countries in the Middle East as well as South America. The malicious document can be found via MalwareBazaar: https://bazaar.abuse.ch/sample/edba3ca498110106418658167533034aeb929276fe81de80c6de1a6bb95120e0 Information Gathering When triaging a suspected malicious […]

  Mike

  January 12, 2022

  INFOSEC

  Maldoc, Malware, njRAT