A common characteristic of all the malicious documents Cisco Talos took apart is the presence of four non-malicious VBA subroutines. These subroutines appeared in all of the samples and weren't obfuscated. Talos researchers suspect the benign code was included to lower the level of suspicion raised by the code MacroPack generates.
Is this a new malware campaign by a threat actor? Possibly not. MacroPack is a framework created for Red Teams to test the defences of prepared organizations, so the report says it's possible the samples it discovered were part of red teaming exercises. In fact, the researchers were able to confirm that some of the samples were part of Red Team activities. Others, however, contained certain tactics and techniques that appear malicious.
At the very least, Cisco said, infosec professionals should take the discovery as a reminder to update their Office suites to the latest version.