guidance – Computer Security Articles

Malicious macro using a sneaky new trick

January 23, 2017 admin antimalware, Antimalware research for IT pros and enthusiasts, Donoff, guidance, Locky, macro, Macro-based malware, malware, malware research, office, ransomware, Social engineering, VBA, VBAscript, Windows 10, Windows Defender, Word

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…

Microsoft Security

Digging deep for PLATINUM

January 23, 2017 admin Activity groups, Advanced persistent threats, advanced threat, enterprise software security, guidance, hunters, malware, malware research, Microsoft Security Essentials, MMPC, phishing, research, Uncategorized, Windows 10, Windows Defender, Windows Defender ATP, Windows Defender for Windows 10

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…