Tag: Maldoc

• Detecting COM Object Tasks Used by DarkHotel

  

  Background Adversaries frequently utilize scheduled tasks, a legitimate Windows operating system utility to establish/maintain persistence and even execute code in a victim network. Scheduled tasks allow for persistence on a victim network between reboots as well as code execution when a certain condition is met (time, user logon, etc.). In this specific example, the adversary […]

  Mike

  March 30, 2022

  INFOSEC

  #APT, #INFOSEC, Maldoc, Malware

• Analysis of njRAT PowerPoint Macros

  

  I wanted to do a quick write-up on an interesting PowerPoint macro document that contains njRAT. njRAT is a .NET trojan first identified in 2013 that has largely targeted countries in the Middle East as well as South America. The malicious document can be found via MalwareBazaar: https://bazaar.abuse.ch/sample/edba3ca498110106418658167533034aeb929276fe81de80c6de1a6bb95120e0 Information Gathering When triaging a suspected malicious […]

  Mike

  January 12, 2022

  INFOSEC

  Maldoc, Malware, njRAT