Thankfully, our Forcepoint(r) Sandbox is detecting it for us through a number of indicators, one of which shows a similarity to Zeus:
What else is happening in the attack? As usual it is Posting/Phoning home to Mother Russia along with an HTTP Get which downloads a .exe file:
What is the detection rate for this 2nd stage of the attack? Not so great either:
NOTE - did you see that CrowdStrike, with much fanfare, decided to contribute back to the Security Community by having their "Machine Learning" powered results displayed via VirusTotal? While it is good that, unlike many traditional signature based engines, CrowdStrike detected this threat in Stage 2. However, where was CrodStrike on Stage 1? No where on Virus Total can you find their results for that initial Word Doc. Are there agreements in place to only display their name when a positive detection is made? Seems fishy to us.
In any case, let us help you save money by installing next gen security solutions as the AV Vendors have once again proven unsuccessful. Call ESPO Systems if you need help... :-)
Very good website. I liked it very much.
ReplyDeleteCommercial Projector Installation
Commercial AV Installation Southbay
I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. SubZero, Viking Ice Maker Repair in Oceanside, California
ReplyDeleteExcellent and very exciting site. Love to watch. Keep Rocking. Maytag, Miele, LG, Electrolux, GE, Bosch Washer Repair in Los Angeles
ReplyDelete