BLE / NFC Threats

Bluetooth Low Energy

Bluetooth Low Energy (BLE) is a wireless communication technology specially designed to prolong battery life of devices with different power consumption and usage capabilities. BLE started in Bluetooth version 4.2 with the latest being 5.x. It’s known as “Bluetooth Smart” whereas previous versions are referred to as “Bluetooth Classic”. Bluetooth operates at 2.4GHz with a max distance of 100 meters. Version 5 is backwards compatible and provides double the speed, four times the distance, lower power requirement, better security, and higher reliability.

Read more →

Abusing Code Signing Certificates

Authenticode Signature

The point of code signing certificates is to verify the file came from a trusted source, the file was not tampered with prior to receiving it, and the file’s origin can be validated. Code signing creates a hash of the code and encrypts it with a private key adding its signature. During execution, this signature is validated and if the hash matches, it gives assurance that the code has not been modified. Users or security tools may trust a signed piece of code more than an unsigned piece of code even if they don’t know who issued the certificate or who the author is.

Read more →

Malicious Word Doc

https://analyze.intezer.com/analyses/1832abdc-0212-4f2b-97af-ec69af2e5a92/genetic-analysis

https://www.virustotal.com/gui/file/81c7eef54c852dd68050147f77f937933cbff1c22722617180ca386ef55918ab

SHA256:81c7eef54c852dd68050147f77f937933cbff1c22722617180ca386ef55918ab

Malicious Word document referencing Minsk Protocol.

Uses macros to download a second-stage payload from a server.

Process Tree

Uses WINWORD to open the file.

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\<USER>\AppData\Local\Temp\<ANALYZED-FILE-NAME>.doc" /q