Track Common Adversary Tasks Performed Using BabyShark

 








To know more about it, you can go through my detailed document by clicking here














Overview

BabyShark is a Microsoft Visual Basic (VB) script-based malware family linked with various North Korean campaigns. It uses the same infiltration techniques as KimJongRAT and STOLEN PENCIL and spreads via spear-phishing emails.

How Does It Work?

First, the malware executes the Microsoft Visual Basic script containing a malicious MS Excel file, which lets it issue commands to look for user information, system information, system name, IP address, running tasks, etc. BabyShark then encrypts the acquired information and sends it to the C&C server. It is speculated that the main goal of this malware is to gather intelligence on the national security issues of Northeast Asia.
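One way to watch for the collection behaviour described above in process-creation logs, as an added example that is not part of the original post: it flags a script or Office host that launches several different discovery commands within a short window. The log format, the parent process names, the command names and the thresholds are assumptions chosen for illustration, not indicators taken from BabyShark samples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Windows built-ins that return each kind of data the post lists.
DISCOVERY = {
    "whoami": "user information",
    "systeminfo": "system information",
    "hostname": "system name",
    "ipconfig": "IP address",
    "tasklist": "running tasks",
}
# Assumption: processes that host VB script or Excel macros.
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "mshta.exe", "excel.exe"}

# Constructed events: time, host, parent PID, parent image, child command line.
SAMPLE_EVENTS = r"""
2024-01-10T09:00:01,WS-01,4120,excel.exe,cmd.exe /c whoami
2024-01-10T09:00:02,WS-01,4120,excel.exe,cmd.exe /c hostname
2024-01-10T09:00:03,WS-01,4120,excel.exe,cmd.exe /c ipconfig /all
2024-01-10T09:00:05,WS-01,4120,excel.exe,cmd.exe /c tasklist
2024-01-10T09:10:00,WS-02,3300,explorer.exe,cmd.exe /c ipconfig
2024-01-10T09:12:00,WS-03,5012,wscript.exe,C:\Windows\System32\whoami.exe
2024-01-10T11:30:00,WS-03,5012,wscript.exe,hostname.exe
"""

def find_recon_bursts(lines, window=timedelta(seconds=60), min_categories=3):
    """Return (host, parent_pid, parent, categories) for each script host that
    ran at least min_categories distinct discovery commands inside window."""
    seen = defaultdict(list)  # (host, pid, parent) -> [(time, category)]
    for line in lines:
        ts, host, ppid, parent, cmdline = line.strip().split(",", 4)
        if parent.lower() not in SCRIPT_PARENTS:
            continue  # interactive use from a shell or Explorer is out of scope
        for token in cmdline.lower().replace('"', " ").split():
            name = token.rsplit("\\", 1)[-1]  # drop any directory prefix
            name = name[:-4] if name.endswith(".exe") else name
            if name in DISCOVERY:
                seen[(host, ppid, parent.lower())].append(
                    (datetime.fromisoformat(ts), DISCOVERY[name]))
    alerts = []
    for key, hits in seen.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            cats = {c for t, c in hits[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts.append((*key, sorted(cats)))
                break  # one alert per parent process is enough
    return alerts

if __name__ == "__main__":
    for alert in find_recon_bursts(SAMPLE_EVENTS.strip().splitlines()):
        print("possible scripted reconnaissance:", alert)
```

A single discovery command from a script host is common in legitimate administration, which is why the check requires several distinct categories close together before it alerts.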

Prevention

To secure your system against BabyShark malware, you can:
  • Be careful of spear-phishing campaigns, especially those preferred by North Korea; they may appear tempting, but that's how they work.

  • Check the authenticity of suspicious emails.

  • Keep a powerful antivirus/anti-malware tool installed on your system at all times and regularly scan your device with it.

 























































