This technical note discusses a relatively undocumented implant used by the APT10 group. It is named "Red Leaves" after strings found in the malware. The sample discussed was found during an incident response engagement in March 2017. The earliest …
This technical note discusses a version of Sakula uploaded to VirusTotal on 25 April 2016. The sample initially looked interesting because it uses a signed Kaspersky binary to load itself, presumably to avoid UAC.
In March, Microsoft published security advisory 2953095, detailing a remote code execution vulnerability in multiple versions of Microsoft Office (CVE-2014-1761). A TechNet blog post released at the same time contained excellent information on …