This post was authored by David Maynor & Paul Rascagneres with contributions from Alex McDonnell and Matthew Molyett
Overview
Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow: it performs reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, and exploitation is carried out by a non-embedded Flash payload. The document targeted NATO members in a campaign during the Christmas and New Year holiday. Based on the file name, Talos researchers assume that the document targeted NATO member governments. The attack is also notable because the payload was swapped out for a large amount of junk data designed to create resource issues for some simplistic security devices.
Cisco Systems Inc. published this content on 27 January 2017 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 27 January 2017 21:30:07 UTC.
Original document: http://blogs.cisco.com/security/talos/matryoshka-doll-reconnaissance-framework
Public permalink: http://www.publicnow.com/view/310CFCCD1B70C8B867AE3A84D5333638333D3E8F