
Malicious Documents Targeting Security Professionals

Jigsaw Security has been watching (and, of late, receiving) many malware-laden documents. About 2 weeks ago we started seeing an uptick in such documents in our inboxes. Shortly after, Cisco Talos posted a bulletin, and several organizations, including AlienVault and Cisco, began sharing information.

After researching the documents, we have decided to release the list of hosts that are involved, as well as some of the recent detections.

Here is what Cisco Talos had to say about it:

Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 at Washington, D.C. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro.

Cisco provided a list of indicators and Jigsaw Security has performed additional research. Here are the findings.

Indicators of Compromise:

The following hosts are involved in this campaign:

Here are the associated hashes:

522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805 c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18 efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52

Customers of Jigsaw Security can get additional information here.

In addition to this event, Jigsaw Security is aware of a similar campaign that also targets security professionals and is investigating the actors. More information will be posted to the Jigsaw Security Threat Intelligence platform.
