TryHackMe - Weaponization (Cyber Kill Chain) | SOC Analyst 1


After a successful reconnaissance stage, "Megatron" would work on crafting a "weapon of destruction". He would prefer not to interact with the victim directly; instead, he will create a "weaponizer" which, according to Lockheed Martin, combines malware and an exploit into a deliverable payload. Most attackers use automated tools to generate the malware or turn to the dark web to purchase it. More sophisticated actors or nation-sponsored APT (Advanced Persistent Threat) groups write their own custom malware so that the sample is unique and evades detection on the target.

Let's first define some terminology before we analyze the Weaponization phase.

Malware is a program or software designed to damage, disrupt, or gain unauthorized access to a computer.

An exploit is a program or piece of code that takes advantage of a vulnerability or flaw in an application or system.

A payload is the malicious code that the attacker runs on the system.

Continuing with our adversary: "Megatron" chooses to buy an already written payload from someone else on the dark web, so that he can spend more time on the other phases.

In the Weaponization phase, the attacker would:

  • Create an infected Microsoft Office document containing a malicious macro or VBA (Visual Basic for Applications) script. If you want to learn about macros and VBA, please refer to the article "Intro to Macros and VBA For Script Kiddies" by TrustedSec.
  • Create a malicious payload or a very sophisticated worm, implant it on USB drives, and then distribute them in public. An example of the virus.
  • Choose Command and Control (C2) techniques to execute commands on the victim's machine or to deliver further payloads. You can read more about C2 techniques on MITRE ATT&CK.
  • Select a backdoor implant (a way to access the computer system that bypasses its security mechanisms).
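As an added, defender-side example that is not part of the TryHackMe room: a small Python check that flags OOXML Office files (.docm, .xlsm and friends) carrying an embedded VBA project, the "infected document with a malicious macro" case above. The container it inspects is constructed inline for the demo and is not a real Word file; the part name `vbaProject.bin` and the `application/vnd.ms-office.vbaProject` content type are the standard OOXML markers for a VBA project.

```python
"""Flag macro-enabled OOXML documents by looking for an embedded VBA project.
Added example for illustration, not code from the TryHackMe room."""
import io
import zipfile

# Standard OOXML markers of a VBA project: the binary part and its content type.
VBA_PART_SUFFIX = "vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def macro_indicators(data: bytes) -> dict:
    """Return which VBA indicators are present in an OOXML file given as bytes."""
    result = {"vba_parts": [], "content_type_declares_vba": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            result["vba_parts"] = [n for n in names if n.endswith(VBA_PART_SUFFIX)]
            if "[Content_Types].xml" in names:
                ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                result["content_type_declares_vba"] = VBA_CONTENT_TYPE in ct
    except zipfile.BadZipFile:
        # Not a zip container: legacy OLE .doc/.xls needs a different parser (e.g. olefile).
        result["error"] = "not an OOXML (zip) container"
    return result


def has_macros(data: bytes) -> bool:
    """True if either indicator fires; a file with a VBA part but no content-type
    entry is still treated as macro-bearing (only one signal is needed)."""
    ind = macro_indicators(data)
    return bool(ind["vba_parts"]) or ind["content_type_declares_vba"]


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like container for offline testing only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = ['<?xml version="1.0"?><Types>']
        if with_macro:
            ct.append('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
        ct.append("</Types>")
        zf.writestr("[Content_Types].xml", "".join(ct))
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("macro-enabled sample:", flag, "->", macro_indicators(build_sample(flag)))
```

Presence of a VBA project only says the document can carry a macro; judging whether the macro is malicious needs the VBA source (e.g. via oletools' olevba), which this check deliberately does not attempt.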
Answer the questions below

This term refers to a group of commands that perform a specific task. You can think of them as subroutines or functions containing code that most users use to automate routine tasks, but malicious actors tend to use them for malicious purposes and include them in Microsoft Office documents. Can you provide the term for it?

Answer: Macro
