

TA505 is a cybercrime group that has been active since 2014, targeting education and financial institutions. In February 2020, Maastricht University, a public university in the Netherlands, reported that it was a victim of TA505's massive ransomware attack using phishing emails. TA505 usually uses phishing emails to deliver malicious Excel files that drop payloads once they are opened. According to research conducted by TrendMicro in July 2019, TA505's phishing emails use attachments featuring an HTML redirector for delivering the malicious Excel files. Recently, a new phishing email campaign using the same attack strategy was discovered by the Microsoft Security Intelligence team. In this blog post, we will take a look at the files used in the attack and explore how OPSWAT's Deep Content Disarm and Reconstruction technology (Deep CDR) can help prevent similar attacks.

The attack proceeds in three steps:

1. A phishing email with an HTML attachment is sent to a victim.
2. When the victim opens the HTML file, it automatically downloads a malicious macro-enabled Excel file.
3. This Excel file drops a malicious payload when the victim opens it.

The HTML and Excel files were examined in early February 2020. The HTML file was identified as a fake Cloudflare page with relatively simple JavaScript that redirects users to a download page after 5 seconds.

The Excel file contains several obfuscated macros. When the victim opens the file and enables macros, a fake Windows process UI, which is actually a Visual Basic form, appears, making the victim think that Excel is configuring something. In the background, the macro runs and drops a couple of files on the victim's system at the following paths:

C:\Users\user\AppData\Local\Temp\copy13.xlsx
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sample_.dll (RAT)

How can Deep CDR protect you from the phishing attack?

If the HTML file is sanitized by Deep CDR, all risk vectors are removed, including the JavaScript. After the process, the user opens the sanitized file without the redirection described above. As a result, the malicious Excel file cannot be downloaded either.

Additionally, TA505's phishing campaigns have also sent the malicious Excel file directly to victims as an email attachment. Again, Deep CDR is effective in this case: it removes every macro and OLE object and recursively sanitizes all images in the file.

TA505 is very active with email phishing campaigns nowadays. Various sophisticated malware types have been used to increase the chances of getting into your system. Enterprises are advised to improve their employee phishing awareness training as well as their security systems. MetaDefender Core, leveraging 6 industry-leading cybersecurity technologies, in combination with MetaDefender Email Gateway Security, brings the most comprehensive protection to your organization.
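The HTML-attachment sanitization described in the Deep CDR section above, as an added example that is not OPSWAT's Deep CDR code: a small Python rebuild of an HTML attachment that drops script elements, meta refresh redirects and inline event handlers while keeping the visible content, and reports what it removed. It goes a little beyond the page by also dropping iframe/object/embed elements and javascript: URLs; the names RiskVectorStripper and sanitize_html, and the SAMPLE_ATTACHMENT with its example.invalid URL, are constructed for this example and assume only the Python standard library.

```python
import html
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}  # dropped with their content
VOID_TAGS = {"meta", "link", "br", "img", "hr", "input"}         # never get a closing tag

class RiskVectorStripper(HTMLParser):  # rebuilds the document minus scripts, meta refresh, on* handlers
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.removed = []     # audit trail of the risk vectors that were stripped
        self._skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.removed.append(tag)
            self._skip_depth += 1
        elif tag == "meta" and any(k == "http-equiv" and (v or "").lower() == "refresh" for k, v in attrs):
            self.removed.append("meta-refresh")  # timed redirect that needs no JavaScript at all
        elif not self._skip_depth:
            kept = []
            for k, v in attrs:  # drop on* handlers and javascript: URLs, keep everything else
                if k.startswith("on") or (v or "").strip().lower().startswith("javascript:"):
                    self.removed.append(f"{tag}@{k}")
                else:
                    kept.append(f' {k}="{html.escape(v)}"' if v is not None else f" {k}")
            self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ACTIVE_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
        elif not self._skip_depth and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):  # script bodies also arrive here and are dropped while skipping
        if not self._skip_depth:
            self.out.append(html.escape(data, quote=False))

def sanitize_html(raw):
    """Return (sanitized HTML, list of removed risk vectors). HTML comments are dropped too."""
    parser = RiskVectorStripper()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample modelled on the fake "checking your browser" page described above.
SAMPLE_ATTACHMENT = """<html><head><title>Checking your browser</title>
<meta http-equiv="refresh" content="5;url=https://example.invalid/download"></head>
<body onload="init()"><p>Please wait 5 seconds...</p>
<script>setTimeout(function(){location='https://example.invalid/download';},5000);</script></body></html>"""
```

Calling sanitize_html(SAMPLE_ATTACHMENT) returns the page with its title and text intact and the list ["meta-refresh", "body@onload", "script"], which is the kind of audit record a gateway can log per attachment.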
