
Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

An ongoing attack has been observed that evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters. The attackers deliberately corrupt their files to conceal the file type, so that security tools cannot identify what they are inspecting. The corrupted files, typically ZIP archives or MS Office documents, still open correctly on the victim's system but remain undetected by most security solutions: the attack exploits the recovery mechanisms that Microsoft Word, Outlook, and WinRAR apply to 'damaged' files, which repair the content when the file is opened. The campaign has been active for several months, with the earliest instances dating back to August. The ANYRUN sandbox identifies the malicious behaviour through its interactivity, launching the broken files in the programs that handle them rather than relying on static identification.
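The summary above describes the gap the attackers exploit: a file whose leading bytes no longer match any known signature, yet whose structure a tolerant parser can still recover. The script below is an added illustration, not code from ANYRUN or from the reported campaign. It builds a constructed, minimal OOXML-style ZIP, zeroes the first local file header signature (an assumed form of corruption; the page does not say which bytes the attackers damage), and shows that a magic-byte identifier reports nothing while Python's zipfile, which reads the central directory from the end of the file, still lists the members and extracts the undamaged one. Python's zipfile stands in here for the application-side recovery the page describes; the check that flags "no recognizable header but ZIP records present" is the kind of mismatch a detection pipeline can look for.

```python
import io
import zipfile
from typing import Dict, List, Optional

# Leading-byte signatures a simple file-type identifier relies on.
MAGIC = {
    b"PK\x03\x04": "zip/office-open-xml",                     # ZIP, DOCX/XLSX/PPTX
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2/legacy-office",  # DOC/XLS
    b"Rar!\x1a\x07": "rar",
}

# ZIP record signatures that can appear anywhere in a file.
ZIP_RECORDS = {
    b"PK\x03\x04": "local file header",
    b"PK\x01\x02": "central directory entry",
    b"PK\x05\x06": "end of central directory",
}


def magic_type(data: bytes) -> Optional[str]:
    """Naive identification by leading bytes only; None if nothing matches."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def zip_structure_hits(data: bytes) -> Dict[str, int]:
    """Count ZIP record signatures at any offset, not just offset 0."""
    return {name: data.count(sig) for sig, name in ZIP_RECORDS.items()}


def build_docx_like(payload: bytes) -> bytes:
    """Constructed sample: a minimal OOXML-style ZIP (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", payload)
    return buf.getvalue()


def corrupt_leading_header(data: bytes, nbytes: int = 4) -> bytes:
    """Zero the first local file header signature. This is an assumed corruption
    for illustration; the page does not state which bytes the attackers damage."""
    return b"\x00" * nbytes + data[nbytes:]


def assess(data: bytes) -> Dict[str, object]:
    """Compare what a magic-byte check sees with what a ZIP parser can recover."""
    identified = magic_type(data)
    hits = zip_structure_hits(data)
    members: List[str] = []
    readable: List[str] = []
    try:
        # zipfile locates the end-of-central-directory record from the tail of
        # the file, so a damaged leading header does not stop it listing members.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
            for name in members:
                try:
                    zf.read(name)
                    readable.append(name)
                except zipfile.BadZipFile:
                    pass  # member whose local header was damaged
    except zipfile.BadZipFile:
        pass
    if identified is not None:
        verdict = f"identified: {identified}"
    elif hits["end of central directory"] >= 1:
        verdict = "suspicious: no recognizable header but ZIP structure present"
    else:
        verdict = "unknown"
    return {"identified": identified, "hits": hits, "members": members,
            "readable": readable, "verdict": verdict}


INTACT = build_docx_like(b"<document>hello</document>")
CORRUPTED = corrupt_leading_header(INTACT)

if __name__ == "__main__":
    for label, sample in (("intact", INTACT), ("corrupted", CORRUPTED)):
        print(label, assess(sample))
```

Running the script shows the intact sample identified as zip/office-open-xml, while the corrupted sample has no recognizable header, is still listed by zipfile, and still yields word/document.xml on extraction. A detection pipeline that stops at the first step is the one the page says gets bypassed; scanning for structure anywhere in the file, or simply opening the file in its handler as the interactive sandbox does, closes that gap.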

OPENCTI LABELS :

zero-day, sandbox evasion, spam filter bypass, antivirus bypass, file corruption



