Rewterz Threat Advisory – IBM Business Automation Workflow and IBM Business Process Manager
June 1, 2020
Rewterz Threat Alert – Malicious URLs – Covid-19
June 1, 2020
Severity
Medium
Analysis Summary
Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel documents can easily be weaponized by adding malicious VBA macros, and today this is one of the most common techniques used to compromise a computer, especially because Microsoft implemented macros that execute automatically when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this kind of macro.
In this case, a document disguised as a PowerPoint template (with the extension ‘.pot’) was delivered in a classic phishing email. It was not a template but an add-in: PowerPoint supports ‘add-ins’ developed by third parties to add new features.
Impact
Exposure of sensitive data
Indicators of Compromise
MD5
- eec80c5c7f0defbc3139dd03ae3b38aa
SHA-256
- d46615754e00e004d683ff2ad5de9bca976db9d110b43e0ab0f5ae35c652fab7
- b345b73a72f866ac3bc2945467d2678ca4976dd4c51bd0f2cdb142a79f56210a
SHA1
- 03f7e0089feb51ea507c2c8ba334cb944cf3a27e
Remediation
Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.
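One way to check a mail quarantine or download folder against the indicators listed above, as an added example that is not part of the original advisory. The function names and the folder passed on the command line are assumptions; the hash values are the ones in this advisory.

```python
import hashlib
import os

# Indicators copied from this advisory, grouped by hash algorithm.
IOCS = {
    "md5": {"eec80c5c7f0defbc3139dd03ae3b38aa"},
    "sha1": {"03f7e0089feb51ea507c2c8ba334cb944cf3a27e"},
    "sha256": {
        "d46615754e00e004d683ff2ad5de9bca976db9d110b43e0ab0f5ae35c652fab7",
        "b345b73a72f866ac3bc2945467d2678ca4976dd4c51bd0f2cdb142a79f56210a",
    },
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hex digest}, reading the file once in chunks."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def sweep(root, iocs=IOCS):
    """Walk root and return (path, algorithm, digest) for every IoC match."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                digests = hash_file(path, tuple(iocs))
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            for algorithm, value in digests.items():
                if value in iocs[algorithm]:
                    hits.append((path, algorithm, value))
    return hits


if __name__ == "__main__":
    import sys
    # Hypothetical usage: pass the folder to sweep as the first argument.
    for path, algorithm, value in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algorithm}:{value} {path}")
```

Matching is on file content only, so a sample renamed from ‘.pot’ to another extension is still reported.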