While analyzing a new wave of Hancitor, I have determined that they have combined a variety of techniques together which greatly increases the effectiveness of the campaign. According to my research, they have leveraged an effective combination of Living off the Land Techniques in order to evade detection. WMI for indirect command execution and COM… Continue reading Hancitor. Evasive new waves, and how COM objects can use Cached Credentials for Proxy Authentication.
Tag: Malware
Detecting Ursnif Infected Word Documents through metadata.
Good Afternoon, I have recently been working on methods to detect an Information Stealer/Trojan known as Ursnif. The difficulty in detection relies on the use of encrypted Word documents. These documents use an additional encryption pack that comes by default with Office 2007 SP2 or higher. The encryption pack is known as the “High Encryption… Continue reading Detecting Ursnif Infected Word Documents through metadata.