ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Analysis.md

Browse Source
This commit is contained in:
StrangerealIntel 2020-04-23 16:56:48 +02:00 committed by GitHub
parent 56df399f13
commit 1b4ab678ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
North Korea/APT/APT37/2020-04-23/Analysis.md
View File

@ -1,4 +1,4 @@
## APT 37 strike again ## APT 37 strike again ?
## Table of Contents ## Table of Contents
* [Malware analysis](#Malware-analysis) * [Malware analysis](#Malware-analysis)
* [Cyber kill chain](#Cyber-kill-chain) * [Cyber kill chain](#Cyber-kill-chain)
@ -10,7 +10,7 @@
+ [Articles](#Articles) + [Articles](#Articles)
<h2>Malware analysis <a name="Malware-analysis"></a></h2> <h2>Malware analysis <a name="Malware-analysis"></a></h2>
<h6>The initial vector is an maldoc with a macro. This launches an auto-open method for decrypt the next stagger, save it and execute it in push as argument the URL to contact. This saves the modification on the document for avoiding to be executing a second time by the victim.</h6> <h6>The initial vector is an maldoc with a macro. This launches an auto-open method for decrypt the next stager, save it and execute it in push as argument the URL to contact. This saves the modification on the document for avoiding to be executing a second time by the victim.</h6>
```vb ```vb
Private Sub Document_Open() Private Sub Document_Open()