For this campaign. It's reasonable to suggest that there could be similar malware affecting OSX assuming the group have a general target in mind and not something specific to windows using developers...
> each one carried the same malicious .doc file as an attachment (SHA256: 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e). This file contained embedded macro code that executed a commonly observed PowerShell command to download and execute a file.
What versions of Word are vulnerable to this? Or is it a valid macro and technically a feature?
As I recall, Start-Process wouldn't trigger any Windows security prompt (although it might for remote-origin unsigned binaries?).
4 comments
[ 3.9 ms ] story [ 21.6 ms ] threadWhat versions of Word are vulnerable to this? Or is it a valid macro and technically a feature?
As I recall, Start-Process wouldn't trigger any Windows security prompt (although it might for remote-origin unsigned binaries?).