All posts by webmaster@telsy.com

Threat Hunters vs Red Teamers. A meeting in the cyber space…

Recently, Telsy TRT intercepted a new wave of malicious decoy Microsoft Office documents addressed exclusively to a central country of the European geographical area. These were collected while landing on a media sector company. The observed TTPs did not lead to any known threat actor, and initially we imagined that a new group was coming out of the shadows… Whoever was operating behind this campaign seemed to use different infection methods to reach the execution of its first-stage payload, including the adoption of the “EvilClippy” tool, released during a BlackHat Asia talk (March 28, 2019). However, after some time, we gathered evidence that led us to […]

OceanLotus On ASEAN Affairs

In the last days of March, Telsy TRT captured some malicious macro-armed documents likely targeting ASEAN affairs and meeting members. Telemetry and spreading statistics related to these decoy documents highlight their diffusion in the geographical area of Thailand. According to OSINT information, the 34th ASEAN Meeting will be held in Bangkok, Thailand, in June 2019. These malicious documents have been designed to induce the victims to enable macro code that leads to an in-memory payload injection through the use of layered obfuscation techniques. At the time of analysis, the full infection cycle showed a very low detection rate among the major anti-malware solutions. On the basis […]
