Update Analysis.md

StrangerealIntel 2019-10-16 16:40:43 +02:00 committed by GitHub
parent a0afddf196
commit ca51bacdc1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -9,7 +9,7 @@
+ [Link Anyrun](#Links-Anyrun)
+ [Documents](#Documents)
## Malware analysis <a name="Malware-analysis"></a>
###### The initial vector is a malicious xls which a macro, this extracts the string on the document and execute it.
###### The initial vector is a malicious xls which use a macro for extracts from the strings on the document the js script and execute it.
![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Russia/Cybercriminal%20group/FIN7/16-10-19/Pictures/Macro.png)
###### The first layer of the JS backdoor is a series of arrays where the second elements are used for giving the second layer of the backdoor.
![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Russia/Cybercriminal%20group/FIN7/16-10-19/Pictures/layer1.png)
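Review bot: The replacement sentence under "Malware analysis" is still ungrammatical ("which use a macro for extracts from the strings on the document the js script and execute it"), so the reader has to guess the order of operations. Something like "The initial vector is a malicious XLS whose macro extracts the JS script from strings stored in the document and executes it" keeps the added detail (that the extracted payload is a JS script) and reads cleanly. The unchanged context line that follows has the same problem: "the second elements are used for giving the second layer" does not say how the second elements of the arrays are combined to produce the second layer, and it would be worth stating that in the same pass. As a style point, these body sentences are set as `######` headings, which puts every sentence of the analysis into the document outline; plain paragraphs under the `## Malware analysis` heading would render better.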