|Data Sources||Anti-virus, Process command-line parameters, Process monitoring|
|Asset||Engineering Workstation, Human-Machine Interface|
Adversaries may rely on a targeted organizations’ user interaction for the execution of malicious code. User interaction may consist of installing applications, opening email attachments, or granting higher permissions to documents.
Adversaries may embed malicious code or visual basic code into files such as Microsoft Word and Excel documents or software installers.1 Execution of this code requires that the user enable scripting or write access within the document. Embedded code may not always be noticeable to the user especially in cases of trojanized software.2
- Execution of Backdoor.Oldrea relies on a user opening a trojanized installer attached to an email.23
- Bad Rabbit is disguised as an Adobe Flash installer. When the file is opened it starts locking the infected computer.4