The Initial Access tactic is one of the 12 tactics that make up the matrix developed by MITRE for industrial environments (for more information on the matrix, feel free to consult the article ICS Matrix, the State of v11). Within this tactic, different techniques used by attackers with the aim of gaining unauthorized access to an industrial environment are shown. This is often the first target of external attackers, as access to the ICS's internal environment allows internal computers to be recognized and exploited, move around the network, gain elevated privileges, or steal sensitive information. Therefore, it is important to know this tactic in order to defend our systems
The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.
In this post, an office document, a .doc file with macros, will be analyzed through the static and dynamic analysis of the sample in a controlled environment, in order to identify the actions carried out by the Emotet malware.