June 3, 2020

Excel 4.0 Macro Functionality Incorporated Into Ursnif Delivery Campaigns

2 min read - Security researchers discovered a new Ursnif malware delivery campaign leveraging Excel 4.0 macro functionality.

April 8, 2020

Mshta Replaces PowerShell in New Ursnif Campaign

2 min read - Security researchers observed that a new attack campaign replaced PowerShell with mshta as a means to distribute Ursnif malware.

Threat Intelligence February 26, 2020

What’s Old Is New, What’s New Is Old: Aged Vulnerabilities Still in Use in Attacks Today

5 min read - Two vulnerabilities that were reported and patched in 2017 were used in nearly 90 percent of malspam messages in 2019. Why would threat actors use these old, well-known exploits in their attacks?

July 9, 2019

TA505 Delivers New Gelup Malware Tool, FlowerPippi Backdoor Via Spam Campaign

2 min read - Researchers observed the TA505 threat group using spam campaigns to deliver two new payloads: the Gelup malware tool and the FlowerPippi backdoor.

Endpoint May 20, 2019

How to Fight Back Against Macro Malware

6 min read - Per X-Force IRIS, at least 22 percent of reported campaigns in April 2019 delivered macro malware. What methods can defenders leverage to help detect malicious macro activity?

April 23, 2019

Aggah Campaign Using Bit.ly, BlogSpot and Pastebin to Distribute RevengeRAT

2 min read - Researchers spotted the operators of the Aggah campaign exploiting Bit.ly, BlogSpot and Pastebin to spread variants of the RevengeRAT malware in the Middle East, Asia, Europe and the U.S.

December 7, 2018

New Macro Downloaders Use PUB Files to Compromise Food and Retail Companies

2 min read - New macro downloaders are sandwiching spam and .PUB files to compromise businesses in the food and retail sector.

November 20, 2018

TA505 Threat Group Distributes Previously Undocumented tRat Remote Access Trojan

< 1 min read - Researchers observed the TA505 threat group spreading a previously undocumented remote access Trojan (RAT) called tRaT.

November 12, 2018

New Cobalt Gang PDF Attack Avoids Traditional Static Analysis Tools

2 min read - A PDF attack campaign conducted by the Cobalt Gang used a specially crafted document to evade dection by static analysis tools.

November 7, 2018

NARWHAL SPIDER Uses Steganography to Deliver URLZone Malware in Cutwail Spam Campaign

2 min read - A new Cutwail spam campaign is leveraging steganography — hiding data within images — to compromise devices and download URLZone.