DOCGuard - Detect Maldocs in Seconds!
@doc_guard
Analyze Malwares in seconds!
Wilmington, Delaware
Joined November 2020
546 posts
94 Following
6.4K Followers

Pinned tweet

🚨#Malicious #CHM File Evaded All AV Solutions🚨
📌VT Detections 0/64
📁Filename: CV - 585126.chm
🔐MD5: 0d0ef17e86a2bcfb97763c54731179a5
DOCGuard Report: app.docguard.io/c3ac20f94e0c7d…



🚨#Phishing #Pdf File Evaded All The AV Solutions 🚨
📌VT 0/61
📂Filename: Ziraat.pdf
🔐MD5: 4105ec3dc57e1dc3929ec0be0054aad5
🕵️IoCs: download1586.mediafire.com/zdxk5x2veb7g3T…
DOCGuard Analysis: app.docguard.io/d87819102369f4…



🚨#Malicious #PowerPoint File Evaded Most of the AV Solutions🚨
📌VT Detections 2/64
📂Filename: Supplier_0202AW.ppsm
🔐MD5: b8bcf5bbe2d94c49ff13a89a2b700af4
🕵️IoCs: raw.githubusercontent.com/knkbkk212/knkb…
freedns.afraid.org/api/?action=ge…





#malware doc with zero detection (possibly APT) uploaded @abuse_ch
bazaar.abuse.ch/sample/6782b1a…
@JAMESWT_MHT


🚨 #Phishing PDF File Evaded All The AV Solutions🚨
⚠️ #FakeMicrosoftLoginPanel ⚠️
📌 VT Detection: 0 / 65
📁 Filename: Dussmann Kalte- und Klimatechnik GmbH Zahlung.pdf
🔐 MD5: ecae32462944be54e54e01d2c978c82d
🕵️♂️ IOCs:
- (DOMAIN) dussmann-kalte-und-klimatechnik-gmbh[.]moll-de[.]com
DOCGuard Report: app.docguard.io/c029927c004a35…



🚨 #Malicious #Excel File Evaded Most Of The AV Solutions 🚨
⚠️ Malicious AutoHotkey File ⚠️
📌 VT Detection: 2 / 63
📁 Filename: Resource_Allocation_Audit.xlsm
🔐 MD5: 9322fbcce010b89e4abb9b17d55a3339
🕵️♂️ IOCs:
- (IP) 52.109.76.240
DOCGuard Report: app.docguard.io/8b71bcb27bc1ef…




🚨 #Phishing HTML File Evaded All The AV Solutions🚨
⚠️ Fake Microsoft Login Panel ⚠️
📌 VT Detection: 1 / 62
📁 Filename: SecureMessageATT.html
🔐 MD5: c2c9d016210430afe67c65664708260b
🕵️♂️ IOCs:
- (DOMAIN) eyidiyw9yo[.]kimmythepet[.]shop
DOCGuard Report: app.docguard.io/fd6cbfcd4aff33…



🚨 #Malicious #Word File Targeting Browser Credentials 🚨
⚠️ Python Based #Stealer With Telegram API ⚠️
📌 VT Detection: 8 / 67
📁 Filename: Doc1.docm
🔐 MD5: 0fee354732496cdbdb4e78ecb218a81a
Visit DOCGuard Report for IOCs and Malicious Macros: app.docguard.io/5b168fed855515…




🚨 #Malicious #Excel File Evaded Nearly All the AV Solutions 🚨
📌 VT Detection: 11 / 65
📁 Filename: HSBC Advice_ACH_Credit_08082024 (1).xls
🔐 MD5: 30dda8925527f67ecf7d7d8bb2a44006
🕵️♂️ IOCs:
- (IP) 192.3.243[.]147
- (MD5) f904e8a5141b08f3f8e2121459f539fe
- (MD5) 3470b26b4f683b2c79794d5a71b5d681
DOCGuard Report: app.docguard.io/871e96fc0a955e…
Visit DOCGuard for dropped files reports 👉 app.docguard.io



🚨 #Malicious #LNK File Evaded Most of the AV Solutions 🚨
⚠️ Various Malicious #MSI Files at Storj Link ⚠️
📌 VT Detection: 3 / 56
📁 Filename: 505031.lnk
🔐 MD5: b71e208eab8215c3ea77aeb6d89260a9
🕵️♂️ IOCs:
- (URL) freitaslogistica[.]com
- (MD5) d73bdbc6566f8eacc32c575a5da9f383
- (MD5) b3b871e6016b1d02f7fa35cb885e7d8f
Storj Link: link.storjshare.io/s/jvndynguvssp…
DOCGuard Report: app.docguard.io/c09fb26afc81f1…





🔍 Top 10 Most Common Malware Families in the Wild 🔍
In the constantly changing field of cybersecurity, it is essential to stay updated on the most common malware risks. Listed below are the top 10 malware families that have been commonly identified recently, presenting considerable threats to both individuals and organizations. Being alert and ready is essential for protecting against these malicious individuals!
Trojan:PowerShell/Casur.CS 890
TrojanDownloader:JS/FakejQuery 739
TrojanDownloader:HTML/Renos 543
Js.Malware.Autolike 532
Xls.Malware.Digs 311
TrojanDownloader:JS/Nemucod 259
Virus:X97M/Laroux 245
TrojanDownloader:JS/Rifrab 182
Exploit:HTML/MS06014 157
#trojan #malware #exploit #virus #PowerShell #Nemucod #threatintelligence #feed #ioc #malicious

👀 Someone's Trying to Create Malicious LNK File
Search hashes in DOCGuard for Analysis Report 👉 app.docguard.io


🚨 Malicious Excel File Evaded Most of the AV Solutions 🚨
📌 VT Detection: 6 / 49
📁 Filename: DRWG-347RB1.pd.xls
🔐 MD5: c433eae598bb293ae5c2f28ad9a61c3b
🕵️♂️ IOCs:
- 54.38.139[.]98
- jx[.]ax
DOCGuard Report: app.docguard.io/f17bd7fd6d8a9e…



Check out this #phishing #PDF posing as a #CrowdStrike updater for Windows hosts.
It originates from the #Handala_Machine and ultimately delivers a #wiper using a variant of #CypherIT.
PDF: cdfa4966d7a859b09a411f0d90efbf822b2d6671
ZIP: 66fbe2b33e545062a1399a4962b9af4fbbd4b356




🚨 Similar CHM File Evaded Most of the AV Solutions 🚨
📌 VT Detection: 4 / 64
📁 Filename: Joint working group.pdf.chm
🔐 MD5: b445f85edab25e9216874ca8cad0efb5
🕵️♂️ IOCs:
- littlehipsononline[.]com
DOCGuard Report: app.docguard.io/8f03eb3fe7363b…


🚨 Info Stealer CHM File Evaded All the AV Solutions 🚨
📌 VT Detection: 1 / 64
📁 Filename: CamScanner 10-07-2024 10.40.chm
🔐 MD5: 16807cb880073b1c21009f7749c8fe7f
⚠️ Used Techniques:
- Obfuscation of CMD command in CHM file
- Persistence (Task Scheduling)
- Gathering system information with "wmic"
- GET and POST requests via "curl"
🕵️♂️ IOCs:
- mxmediasolutions[.]com
Visit the report for the initial malicious script: app.docguard.io/1dd50966db005e…



🚨 Monthly Malware Detection Analysis 🚨
Over the past month, our analysis using DocGuard has identified various types of malware. Here are the statistics based on the detection names of these threats:
📊 Top Detection Names:
TrojanDownloader/FakejQuery
Js.Malware.Autolike
Xls.Malware.Digs
TrojanDownloader/Nemucod
Xls.Malware.Valyria
TrojanClicker/Faceliker
TrojanDownloader/Renos
Html.Malware.Agent
Doc.Malware.Valyria
TrojanDownloader/Rifrab
Attackers continuously evolve their methods, and organizations must stay updated with the latest security measures to protect their systems.
Please stay vigilant and make sure your security tools are up-to-date to help you deal with these threats effectively. 💪🔒
Try DocGuard for Free: Protect your organization with the latest malware detection and analysis. Visit our website to get started with a free trial of DocGuard and stay ahead of evolving threats.
app.docguard.io
For more detailed insights and recommendations, visit our website or contact our team.
#CyberSecurity #Malware #ThreatDetection #DocGuard #StaySafe


✍️ New Blog Post
👉 Analysis of Malicious Word Document: Python Based Malware Targeting Browser Data
📊 The Python-based malware from a Word document targets sensitive information stored in browsers, such as cookies and saved passwords, collecting and transmitting it to a remote server.
🔗 For more info, check out the blog post 👇
docguard.io/analysis-of-ma…
🛡 Protect yourself from trending threats with DOCGuard.
Sign up and start analyzing malicious documents in seconds 👉 app.docguard.io


📊 Phishing E-mail Campaign Analysis by DocGuard📊
Our recent analysis examined approximately 3,000 phishing emails📂 and identified the top five most commonly used subjects by threat actors in their campaigns. The study reveals the tactics and trends that attackers use to deceive recipients.
⚠️Key Findings⚠️
*Urgent ınformatıon! You must read!
*PO: Order no/338390208b
*You have a new ACH Deposit gheenIrrIgatIon[.]com
*Balance payment of invoice 002133
*Ростех. ФСБ РФ. Роскомнадзор. Срочные сиправления уязвимостей
This data provides valuable insights into the strategies employed in phishing attacks, enabling better preparation and defense against such threats.
