Aug 2018 – Malware (KEYMARBLE)

My friend informed that a new malware wreak havoc. Meanwhile US-Cert issued the technical articles described the details and let’s the world staying alert! US-CERT also provides the Indicator of compromise (IOC) file for reference. I am interested and therefore I put the this file into the sandbox see whether what exact issue will be happened. The facts is that threat actor embedded malicious code lure victim to open this document. The overall procedure similar word document ask you to excecute a XML contents. The whole procedure may not be trigger the antivirus alert (antivirus may detect this issue now, but not absolute sure) till the infection stage go to phase two. Yes, download a malicious executable file. If similar scenario happen in your company, sounds like you IT campus has a cat doing the monitoring. The cat will catch the mouse once he appears. How does your cat know this Rat appear. All relies on Yara rule (see attached diagram for reference). May be people will be scared of the web page contains hyperlink on top. And therefore this time not provided.