Thursday, January 20, 2022

Public report on attacks in Middle East we attribute to WIRTE APT

Overview

This February, during our hunting efforts for threat actors using VBS/VBA implants, we came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and execute arbitrary code sent by the attackers on the infected machine.

Although these intrusion sets may appear similar to the new MuddyWater first stage VBS implant used for reconnaissance and profiling ac…

Read More

Latest news
Related news