Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
#MacroPack
https://blog.talosintelligence.com/threat-actors-using-macropack/
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.”

Cisco Talos Blog
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads - Cisco Talos recently discovered several related Microsoft Office documents uploade... https://blog.talosintelligence.com/threat-actors-using-macropack/ #brute_ratel #macropack #threats #securex #havoc
I have added to MacroPack Pro a new LNK dropper that does not rely on any interpreter (not even PowerShell)!
The LNK extracts from within itself and executes several kinds of payloads (exe, dll, vbs, etc.).
Bonus: It also works from inside non-extracted ZIP files!
#macropack #redteam