Combining Attack Vectors.
Perception Point intercepted an email thread that combined all currently popular attack vectors: impersonation, an encrypted archive and a malicious macro.
The sender requested something irrelevant of the company’s support team in order to seem like a real prospect seeking help.
The link in the email doesn’t work, which raises suspicion.
After the employee ended the conversation with the attacker, the attacker sent a suspicious zip file without any explanation regarding the file. He also locked the file and included the password in the email, making it harder for detection engines to identify.
The zip contains a Word document named “info05.07.doc”. Using our password extraction mechanism, we managed to open the file and scan it.
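The following is an added example, not Perception Point's mechanism: a minimal sketch of how a scanner can pull password candidates out of the message body and try them against an encrypted attachment. The cue-word list, function names and sample data are assumptions; Python's `zipfile` reads only legacy ZipCrypto archives, so AES-encrypted zips are reported as encrypted but not opened.

```python
import io
import re
import zipfile
import zlib

# Cue words that usually introduce a password in a message body (assumed list).
CUE = re.compile(r"(?i)\b(?:password|passcode|pwd)\b\s*(?:is\b|[:=-])?\s*[\"']?([^\s\"']{3,32})")

def candidate_passwords(body):
    """Ordered, de-duplicated guesses: cue-adjacent tokens first, then digit-bearing tokens."""
    raw = CUE.findall(body)
    raw += [t for t in re.findall(r"\S{3,32}", body) if any(c.isdigit() for c in t)]
    seen = []
    for tok in raw:
        for variant in (tok, tok.rstrip(".,;:!?)")):  # also try without sentence punctuation
            if variant and variant not in seen:
                seen.append(variant)
    return seen

def scan_archive(zip_bytes, body):
    """Report whether the archive is encrypted and which body-derived password opens it."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        locked = [i for i in zf.infolist() if i.flag_bits & 0x1]  # bit 0 = encrypted entry
        result = {"encrypted": bool(locked), "password": None, "names": zf.namelist()}
        for pwd in candidate_passwords(body) if locked else []:
            try:
                zf.read(locked[0], pwd=pwd.encode("utf-8"))
            except (RuntimeError, zipfile.BadZipFile, zlib.error, NotImplementedError):
                continue  # wrong guess, or an encryption scheme zipfile cannot read
            result["password"] = pwd
            break
        return result

# Constructed sample message body (not taken from the intercepted thread).
SAMPLE_BODY = "Please check the attached file info.zip\nArchive password - inv2020!\nRef 55012\n"

def build_sample_zip():
    """Constructed, unencrypted archive; the stdlib cannot write encrypted zips."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.doc", b"constructed placeholder document bytes")
    return buf.getvalue()

if __name__ == "__main__":
    print(candidate_passwords(SAMPLE_BODY))
    print(scan_archive(build_sample_zip(), SAMPLE_BODY))
```

With standard ZIP encryption the entry names stay readable, so `names` is available as a signal (for example a `.doc` inside a locked archive) even when no candidate opens the file.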
The doc file is malicious: it contains macro code that executes malicious commands without the user's knowledge.
If the user enables the content, or if the user's configuration allows the file to be opened with automatic activation (a common situation), the file starts running multiple malicious commands, beginning with CMD and PowerShell.
After the file carries out its malicious activities, it closes and tries to hide its activity by closing all the processes it started and the actions it took.