Tuesday, October 10, 2017

Auto-Update Malware Delivery TTP

TLP AMBER ANNOUNCEMENT: 

Malicious Microsoft Word documents are one of the most prevalent malware delivery mechanisms, and typically use embedded Visual Basic (VBA) macros to download and install malware on a victim’s machine. In late August and September 2017, Wapack Labs observed an uptick in an alternative Word document-based malware delivery method being leveraged in malicious email campaigns. The tactic involves using auto-updating links, instead of macros, to download additional malware payloads. Due to the prevalence of Office-based malware delivery, this new method will likely affect multiple industries, including Red Sky Alliance members. This report provides analysis of related specimens, including common artifacts and observed campaigns, as well as a generic mitigation that detects most variants...

Wapack Labs has cataloged and reported malware delivery tactics in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM

This TLP AMBER report is available only to Red Sky Alliance members.