Experience Level required: beginner

In this blog we will learn how to analyze macro-enabled MS Office documents.

1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5
2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99

Let’s look at the sample on VirusTotal.

37 of 63 security vendors detected this file as malicious.

Let’s open the file.

It uses a social engineering technique to persuade the user to enable macros, which leads to the user being infected.…


Here are the key insights from the Halcyon Threat Research and Intelligence Team findings for March 2024. The evolving ransomware landscape continues to reveal intriguing trends when analyzed comprehensively.

Ransomware Prevented per Industry Vertical

Information Technology, Education and Manufacturing were the most targeted industry verticals in March 2024:

Information & Technology 32% (+13% mo/mo)
Education 12% (-1% mo/mo)
Manufacturing 11% (+6% mo/mo)
Healthcare & Pharmaceutical 7% (+3% mo/mo)
Finance & Insurance 6% (-25% mo/mo)
Professional, Scientific & Technical Services 6% (-2% mo/mo)
State & Local Government 6% (+2% mo/mo)
Retail Trade 6% (+4% mo/mo)
Arts, Entertainment & Recreation 5%
Transportation & Warehousing 5% (+2% mo/mo)
Other 3% (+2% mo/mo)
Utilities 0.6% (-0.4% mo/mo)
Accommodations & Food Services 0.2% (-0.1% mo/mo)
Construction 0.1% (-0.3% mo/mo)
Mining 0.1% (-0.2% mo/mo)

Threat Types by Category

Halcyon detected and blocked a wide variety of threats that were missed by other security layers in our clients’ environments and that are often precursors to the delivery of the ransomware payload:

Monero Coin Miner Trojan

This Trojan installs a Monero coin miner, effectively stealing processing resources from the victim, and is capable of performing various evasion techniques to avoid detection and analysis by security tools.…


Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. However, the dark web, a hidden corner of the internet, poses unique challenges for cybersecurity professionals. Criminal activities such as the sale of stolen credentials and plans for targeted attacks thrive in this dark section of the internet.…


Summary: A previously unknown ransomware gang called Muliaka (or Muddy Water) has been targeting Russian businesses with malware based on the leaked source code from the Conti hacking group.

Threat Actor: Muliaka
Victim: Unnamed Russian business

Key Point:

The Muliaka ransomware gang has been active since at least December 2023 and has been using malware based on the leaked source code from the Conti hacking group.…

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Google’s search engine page and localized to North America.

Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer.…


Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. These malicious actors imitated the landing pages of popular software, such as Zoom, Microsoft OneDrive, Microsoft SharePoint, and Microsoft Teams, to lure target victims into downloading malicious installers.…


Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High

Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files.…


Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.

To reduce the chances of business disruption from advanced and unknown threats, security teams must operationalize threat intelligence by conducting proactive, hypothesis-driven threat hunts.…

Key takeaways

Dating apps often use location data to show nearby users and their distances. However, openly sharing distances can lead to security issues. Techniques like trilateration allow attackers to determine user coordinates from distance information. Despite safety measures, the Hornet dating app (a popular gay dating app with over 10 million downloads) had vulnerabilities allowing precise location determination, even if users disabled the display of their distances.…