'Magic Hound'
'Magic Hound' is the code name used to reference a seemingly limited
series of malware distribution campaigns that were observed targeting
organizations in Saudi Arabia as well as organizations with business
interests in Saudi Arabia. Similar to other malware distribution
campaigns that Talos has observed and documented, this series of
campaigns made use of phishing emails containing links to malicious Word
documents hosted on attacker controlled servers. When opened, the
malicious documents display a message instructing the user to enable
macros in an attempt to entice recipients to execute the attacker's
scripts and download additional malware, thus infecting their systems.
Unlike some of the more sophisticated campaigns seen in the wild, in the
case of 'Magic Hound' the attackers made use of commodity malware and
tools. This included tools such as IRC bots and Metasploit Meterpreter
payloads as well as an open source Remote Administration Tool (RAT).
Cisco Talos is aware of this targeted campaign and we have responded to ensure that customers remain protected from 'Magic Hound' as well as other similar campaigns as they are identified and change over time.
Cisco Talos is aware of this targeted campaign and we have responded to ensure that customers remain protected from 'Magic Hound' as well as other similar campaigns as they are identified and change over time.
Coverage
Coverage for 'Magic Hound' is available through Cisco security products, services, and open source technologies. Note that as this threat evolves, new coverage may be developed and existing coverage adapted or modified. As a result, this post should not be considered authoritative. For the most current information, please refer to your FireSIGHT Management Center or Snort.org.Snort Rules
- 41655-41659
No comments:
Post a Comment
Thank you for your comment. Will try to react as soon as possible.
Regards,
Networ King