2016-05-05 Cerber Infection from MalSpam – UPDATED
Another day at the office and another malicious Word document sent to a user in hopes of them running the macro. From what I can tell from my investigation below this malware has been talked about over at SANS ISC via Brad and looks to be a new type of ransomware called Cerber. With that being said, my investigation into this malware is WITHOUT any files being encrypted on my test VM and some of the other characteristics of this infection (my VM talking to me about it being infected). So after opening the Word document and enabling the macro,…