I recently came across an interesting malicious document. Distributed as an attachment of a run-of-the-mill malspam message, the file with a DOC extension didn't look like anything special at first glance. However, although it does use macros as one might expect, in the end, it turned out not to be the usual simple maldoc as the following chart indicates.
Advertise on IT Security News.
Read the complete article: Analysis of a triple-encrypted AZORult downloader, (Mon, Feb 3rd)