HackDig : Dig high-quality web security articles for hacker

Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a macro-enabled Word document known as Donoff, which downloads the Zepto executable that encrypts all your files and later asks for payment for the decryption key. We decided to take a closer look at the D
Publish At:2016-11-21 23:35 | Read:4611 | Comments:0 | Tags:ThreatTrack Security Labs Web threats donoff infected macro

Zepto Evasion Techniques

We’ve been tracking more spam dropping Zepto ransomware variants. As in earlier posts, we’re seeing infected attachments with malicious macro scripts used as the entry point for the threat actor. (See images below of some recent spam samples.) As we dug deeper into our analysis, we found that these macro scripts are not crafted manually.
Publish At:2016-11-21 23:35 | Read:8619 | Comments:0 | Tags:Featured Web threats donoff engine limitation evasion ransom

