Threat Advisory - Targeted Attacks In The Middle East
- Posted: 09/2/2018
A targeted malware campaign has been discovered that uses Dar El-Jaleel decoy documents (Dar El-Jaleel is a Jordanian publishing and research house). The campaign makes extensive use of scripting languages (VBScript, PowerShell, VBA).
The malware checks various properties of the targeted system, such as whether the system is a sandbox, the installed antivirus, IP address, computer name, username, OS, and the drives attached to the system. The malware dropped in this campaign is reported to have functions to achieve persistence on the system and to send the acquired information to the Command & Control server.
The various stages of the campaign are as follows: