EDR detection of Danabot malware spread through Word documents

  • The blog post discusses the infection flow of the Danabot malware, which is primarily distributed through documents containing external links.
  • The document attached to the spam email is a Word document (.docx) that contains an external link.
  • The email is disguised as a sophisticated job application to deceive the recipient.
  • The blog post uses a diagram from the company’s EDR product to show the evidence that can be confirmed and how the Danabot malware is detected.

https://asec.ahnlab.com/ko/64906/