Recently one of my clients received a well-performed phishing attack with an “invoice” that, like a lot of attachments, was malware. Everything seemed to be legit except that the invoice ended up in one of my honeypot inboxes. I usually deploy some email addresses, not in active use by the company, that I monitor in order to catch attacks. The malware seems to be a trojan focused on stealing information. Furthermore, being a fresh sample, at the beginning it was only detected by six detection engines in VirusTotal; right now it is detected by 18 of the 60 available on VirusTotal.
Playing With CrowdStrike Machine Learning Detection. A review of the new generation EDR CrowdStrike.