Tag: Maldoc

  • Analyzing the Royal Road to Space Pirates

    Analyzing the Royal Road to Space Pirates

    26 May 2022 While the actual blog post has been difficult to access for some, Positive Technologies released research on the Space Pirates APT group that has been spotted intruding on government, IT, and critical infrastructure networks in Russia, Georgia, and Mongolia. Believed to be operating since at least 2019, the Space Pirates group has…

  • Detecting COM Object Tasks Used by DarkHotel

    Detecting COM Object Tasks Used by DarkHotel

    Background Adversaries frequently utilize scheduled tasks, a legitimate Windows operating system utility to establish/maintain persistence and even execute code in a victim network. Scheduled tasks allow for persistence on a victim network between reboots as well as code execution when a certain condition is met (time, user logon, etc.). In this specific example, the adversary…

  • Analysis of njRAT PowerPoint Macros

    Analysis of njRAT PowerPoint Macros

    I wanted to do a quick write-up on an interesting PowerPoint macro document that contains njRAT. njRAT is a .NET trojan first identified in 2013 that has largely targeted countries in the Middle East as well as South America. The malicious document can be found via MalwareBazaar: https://bazaar.abuse.ch/sample/edba3ca498110106418658167533034aeb929276fe81de80c6de1a6bb95120e0 Information Gathering When triaging a suspected malicious…