The program is called WhiteShadow and spreads via malicious emails carrying Microsoft Word and Excel attachments.
How does it work?
When the victim opens the attachment and enables its macros, the malicious payload infects the system.
The malware payloads are stored in a database as encoded ASCII strings.
WhiteShadow downloads a wide range of malware from a Microsoft SQL Server under the attackers' control.
The downloader was first observed in August, followed by multiple campaigns that used it in attacks.
The first campaigns made no attempt to evade detection, but later ones added techniques such as code obfuscation and deliberate misspelling of variable names, probably to defeat automated detection.
Most of the WhiteShadow campaigns were used to deliver Crimson malware.
Other malware delivered by these campaigns included keyloggers and related tools such as Orion Logger, Remcos, and Nanocore.
How to protect yourself?
Researchers recommend that organizations monitor incoming email and outbound traffic on TCP port 1433, and that the port be blocked or restricted with a limited ACL configuration on the firewall.
The report also lists Indicators of Compromise (IOCs) to help organizations detect this malware.
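To make the port-1433 recommendation concrete, here is an added example (not from the report or the researchers) that scans firewall log lines for outbound TCP 1433 connections to addresses outside the organisation's own ranges, which is what a workstation contacting an attacker-run SQL Server would look like. The log format, the internal ranges and the sample lines are all constructed assumptions.

```python
import ipaddress

# Constructed firewall log lines for illustration, not IOCs from the report.
# Assumed format: "<timestamp> <action> <proto> <src_ip>:<port> -> <dst_ip>:<port>"
SAMPLE_LOGS = [
    "2019-09-05T10:12:01Z ALLOW TCP 10.20.30.41:51522 -> 203.0.113.7:1433",
    "2019-09-05T10:12:03Z ALLOW TCP 10.20.30.41:51524 -> 10.20.1.5:1433",
    "2019-09-05T10:12:07Z ALLOW TCP 10.20.30.42:49711 -> 198.51.100.20:443",
    "2019-09-05T10:13:10Z ALLOW UDP 10.20.30.43:53012 -> 10.20.1.2:53",
    "2019-09-05T10:14:44Z BLOCK TCP 10.20.30.44:50001 -> 192.0.2.99:1433",
]

MSSQL_PORT = 1433  # default Microsoft SQL Server port named in the recommendation

# Ranges where this organisation's own SQL servers live (assumed; adjust to fit).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True if the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one log line into a dict; ports become ints."""
    ts, action, proto, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "action": action, "proto": proto,
            "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port)}


def find_external_mssql(lines):
    """Return TCP flows to port 1433 whose destination is outside INTERNAL_NETS.

    Blocked attempts are kept: a workstation reaching for an external SQL server
    is itself a sign that a malicious macro has already run on it.
    """
    return [rec for rec in map(parse_line, lines)
            if rec["proto"] == "TCP" and rec["dst_port"] == MSSQL_PORT
            and not is_internal(rec["dst_ip"])]


if __name__ == "__main__":
    for h in find_external_mssql(SAMPLE_LOGS):
        print(f'{h["ts"]} {h["action"]} {h["src_ip"]} -> {h["dst_ip"]}:{h["dst_port"]}')
```

Internal-to-internal SQL traffic (the second sample line) is deliberately left alone so that legitimate database use does not drown the alert.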