Lastline Labs


Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 3]

Evasive scripts continue to be on the rise - whether in the form of VBA macros in Microsoft Office documents or in the form of JScript scripts, malware authors are equipping their campaigns with a wide arsenal of tricks to avoid detection by security solutions.

By: Clemens Kolbitsch


Recent Highlights:

Evasive JScript

One of the characteristics of malware that we follow closely is its use of evasion techniques; that is, techniques that the malware uses to hide its true malicious nature from traditional sandboxes, until it reaches a specific target machine. In other posts, we have discussed the adoption of different evasive techniques in binary programs, and, more recently, we have looked at the use of evasion in malicious Office documents through VBA macros. Here we examine the use of evasion in JScript scripts.


Party like it’s 1999: Comeback of VBA Malware Downloaders [Part 2]

The use of malicious macro code in Microsoft Office documents is seeing a big comeback in recent weeks. As we already discussed in the first part of this blog-post series, this malicious code gives attackers a very simple but powerful means to attack users. At the same time, the simplicity of the attack comes at the price that it is somewhat easy to detect (when compared to binary malware) if the attacker does not pay special attention to hiding his/her code.


Hunting for Ransomware with LLKB

With this blog post, we want to demonstrate how you can leverage the Lastline Knowledge Base and its new clustering feature to extract some key observations around a given threat. Using recent real-world threats as case studies, we present different workflows to retrieve the analysis data related to these threats, to cross-reference this data with online information and blogs and, finally, to extract from this data actionable items to react to these threats and build informed remediation plans.
