silversurfer
A new attack campaign uses a combination of HTML smuggling techniques and data blobs to evade detection and download malware.
Dubbed Duri, the campaign exploits the JavaScript blob method, which generates the malicious file in the web browser, thus avoiding detection by sandboxes and proxies.
"Traditional network security solutions such as proxies, firewalls, and sandboxes rely on the transfer of objects over the wire. For example, a sandbox might extract file objects such as .exe, .zip, and other suspicious objects from the wire and then send them to the sandbox for detonation," reads a report published by Menlo Security.
The company's detailed analysis of the Duri campaign, along with the Zero Trust detection approach used and a long list of Indicators of Compromise (IoCs) related to the campaign, is provided in their report.
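A defender-side illustration, added here and not part of silversurfer's post or Menlo Security's report: because a smuggled file is assembled inside the browser rather than transferred as an object, a content scanner has to look for the assembly pattern in the page itself. The regexes, the 200-character payload threshold and the two HTML samples are constructed assumptions for this example, not indicators from the report.

```python
import base64
import re

# Indicators of client-side file assembly: an inline payload decoded with
# atob(), wrapped in a Blob, then handed to the browser as a download.
# This is a triage heuristic; obfuscated or chunked payloads will evade it.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_ctor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bURL\.createObjectURL\s*\("),
    "ms_save_blob": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
}
# A long base64 string literal is the inline payload (200 chars is an assumed threshold).
INLINE_B64 = re.compile(r"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")

def scan_html(html):
    """Return which indicators fire and whether their combination looks like smuggling."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    m = INLINE_B64.search(html)
    hits["inline_b64_payload"] = m is not None
    try:
        payload_bytes = len(base64.b64decode(m.group(1))) if m else 0
    except ValueError:  # literal matched the shape but is not valid base64
        payload_bytes = 0
    payload_inline = hits["inline_b64_payload"] and hits["base64_decode"]
    client_file = hits["blob_ctor"] or hits["ms_save_blob"]
    delivery = hits["object_url"] or hits["ms_save_blob"] or hits["download_attr"]
    return {
        "suspicious": payload_inline and client_file and delivery,
        "indicators": sorted(k for k, v in hits.items() if v),
        "payload_bytes": payload_bytes,
    }

# Constructed samples. The "payload" is filler text, not malware.
_B64 = base64.b64encode(b"constructed placeholder payload bytes " * 8).decode()
SMUGGLING_PAGE = f"""<html><body><script>
var raw = atob("{_B64}");
var blob = new Blob([raw], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob); a.download = "invoice.zip"; a.click();
</script></body></html>"""
# Legitimate in-browser export: Blob plus download, but no decoded inline payload.
EXPORT_PAGE = """<html><body><script>
var csv = rows.map(r => r.join(",")).join("\\n");
var a = document.createElement("a");
a.href = URL.createObjectURL(new Blob([csv], {type: "text/csv"})); a.download = "export.csv";
</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("smuggling", SMUGGLING_PAGE), ("export", EXPORT_PAGE)):
        print(name, scan_html(page))
```

The export page shares the Blob and download indicators with the smuggling page but is not flagged, because the heuristic requires the decoded inline payload as well.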