Suspected Molerats New Attack in the Middle East
released on 2019-02-14 @ 10:23:21 AM
Recently, 360 Threat Intelligence Center captured a bait document designed specifically for Arabic users. It is an Office Word document with embedded malicious macros that drop and execute a backdoor packed with Enigma Virtual Box. The backdoor program has a built-in keyword list, containing names of people or opera movies, that it uses to communicate with the C2, through which control commands are distributed to further control the victim's computer. After investigation, we suspect this attack was carried out by Molerats.