A feature common to all the malicious documents Cisco Talos examined is the presence of four non-malicious VBA subroutines. These subroutines appeared in every sample and were not obfuscated. Talos researchers suspect this harmless-looking code was included to lower the suspicion level of the code generated by MacroPack.
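The finding above rests on a simple corpus comparison: which VBA procedures recur, unchanged, across every sample. As an added example (not code from the Talos report or from MacroPack), the Python below extracts procedure names and bodies from each document's VBA source and keeps those that appear in every sample with byte-identical bodies, while discarding procedures that merely share a name but differ in content. The VBA sources and procedure names are constructed for illustration; in practice the source text would come from a macro extractor such as oletools' olevba.

```python
import hashlib
import re
from typing import Dict, Set

# Constructed VBA sources standing in for three documents from a corpus.
# Procedure names and bodies are invented for this example, not taken from
# the Talos report. Each sample carries a different entry point and stager,
# but the same two filler procedures reproduced verbatim.
SAMPLES: Dict[str, str] = {
    "sample_a.docm": """
Sub AutoOpen()
    Call StageOne
End Sub

Private Sub StageOne()
    Shell "cmd /c calc.exe"
End Sub

Private Sub FillerA()
    Dim counter As Integer
    counter = 1
End Sub

Function FillerB() As String
    FillerB = "nothing to see"
End Function
""",
    "sample_b.docm": """
Sub AutoOpen()
    Call StageTwo
End Sub

Private Sub StageTwo()
    CreateObject("WScript.Shell").Run "notepad.exe"
End Sub

Private Sub FillerA()
    Dim counter As Integer
    counter = 1
End Sub

Function FillerB() As String
    FillerB = "nothing to see"
End Function
""",
    "sample_c.docm": """
Sub AutoOpen()
    MsgBox "hello"
End Sub

Private Sub FillerA()
    Dim counter As Integer
    counter = 1
End Sub

Function FillerB() As String
    FillerB = "nothing to see"
End Function
""",
}

# One VBA procedure: optional visibility keyword, Sub/Function, its name, then
# everything up to the matching "End Sub" / "End Function" line.
PROC_RE = re.compile(
    r"^[ \t]*(?:(?:Public|Private|Friend)[ \t]+)?(?:Static[ \t]+)?"
    r"(Sub|Function)[ \t]+(\w+)[ \t]*\(.*?^[ \t]*End[ \t]+\1\b",
    re.IGNORECASE | re.MULTILINE | re.DOTALL,
)


def procedures(vba_source: str) -> Dict[str, str]:
    """Map procedure name -> whitespace-normalised procedure text."""
    found: Dict[str, str] = {}
    for match in PROC_RE.finditer(vba_source):
        lines = [ln.strip() for ln in match.group(0).splitlines() if ln.strip()]
        found[match.group(2)] = "\n".join(lines)
    return found


def body_hash(body: str) -> str:
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def names_in_every_sample(samples: Dict[str, str]) -> Set[str]:
    """Procedure names shared by all samples, regardless of body."""
    name_sets = [set(procedures(src)) for src in samples.values()]
    return set.intersection(*name_sets) if name_sets else set()


def identical_in_every_sample(samples: Dict[str, str]) -> Dict[str, str]:
    """Procedures present in all samples whose normalised bodies hash the same.

    A name that recurs with differing bodies (here AutoOpen) is dropped; only
    verbatim, un-obfuscated repeats survive, which is the pattern worth turning
    into a detection signature.
    """
    per_sample = {path: procedures(src) for path, src in samples.items()}
    shared: Dict[str, str] = {}
    for name in names_in_every_sample(samples):
        hashes = {body_hash(procs[name]) for procs in per_sample.values()}
        if len(hashes) == 1:
            shared[name] = hashes.pop()
    return shared


if __name__ == "__main__":
    for name, digest in sorted(identical_in_every_sample(SAMPLES).items()):
        print(f"{name}: sha256={digest[:16]}...")
```

Procedures that survive this filter are candidates for a YARA rule or a hash-based indicator; those that share a name but not a body (the entry point, the stager) are where the per-campaign payload lives and deserve separate analysis.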
Is this a new malware campaign by a threat actor? Maybe not. MacroPack is a framework developed for red teams to test the defenses of consenting organizations, so the report says it is possible that the samples were part of red team exercises. In fact, the researchers were able to confirm that some of the samples did come from red team activity. Others, however, contained tricks and techniques that appear genuinely malicious.
At the very least, Cisco said, infosec professionals should take the discovery as a reminder to update their Office suites to the latest version.