Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation KEYMARBLE 2019

The campaign targets companies in Russia with Microsoft Office documents containing malicious macros. The operation requires the victim to accept the "enable macro security warning" before the system is infected. The final payload used in the attacks is a new version of the KEYMARBLE backdoor. The attackers use Dropbox in the second stage of the infection chain and also use a benign PDF file as a decoy document to make the files used in the campaign appear legitimate.
Name Modified Date Sources
Operation KEYMARBLE 2019 2019-02-19