I understand that a company having legacy systems running always. But, are you permitting XLSM and XLSB filetypes ? #STOP it as fast as possible !!
Following images are from a malware packer, possibly related with latest #Zloader and other infections.
From the 2nd screenshot it is clear that XLSM and XLSB files are always fully undetectable ( FUD ) by Anti Viruses and it is easy to evade all other detection measures which we already have seens in multiple variants .
Better safe than sorry !
I am not your Regular #BlueTeam #YARA #Guru who is writing yara for everything everyday. But, was assigned for a task where I need to find-out a proper Yara for a specific class of new gen malwares where AV or SHA/MD5 based IOC's are not working. Even
Received numbers of sample submission of invoice themed XLS which are not getting detected on VT [https://virustotal.com] properly using any reputed Anti Virus engine. There is nothing abnormal happening except it is showing following screen when opened. Pretty unusual - huh ! So, after finding few sample which is
Yes, it is a known story now that IT Giant #Congizant suffering from Maze Malare infection partly. Lot of their system got encrypted and hackers asking for Ransom ! There are other malwares, but one of the tactics used by Maze / ChaCha group to put pressure on their victim is to
