Two New Malware Campaigns Found


Attacks involve a Word doc attachment with embedded macros

Security researchers at Carbon Black have found two malware campaigns related to the Ursnif malware.

“This attack originally came in via phishing emails that contained an attached Word document with embedded macros; Carbon Black located roughly 180 variants in the wild. The macro would call an encoded PowerShell script and then use a series of techniques to download and execute both a Ursnif and GandCrab variant,” wrote Carbon Black in a blog report.

Carbon Black has released a detailed overview of the campaigns.

Researchers at Talos have released a list of IOCs (indicators of compromise) to help users detect and mitigate the spread of the malware.

comments powered by Disqus