Please note that this user is blocked
Document macros have been around for a long time and have really been overused. Just dropping a malicious .doc rarely works anymore.
- Most AV products detect .doc macros
- .doc with macro code CAN NEVER BE ATTACHED TO GMAIL (even with only a hello world non malicious code)
- A lot of other email scanners outright block .doc with macro code
- Same applies to the Excel macro equivalent
So what can we do now? One of the modern solutions is remote template injection.
Remote Template Injection:
Remote template injection is the improved method over the old malicious .doc
It relies on using "benign" .docx files which cannot contain any macro code and as such are considered safe. However, they can reference remote .dotm files which in our case will contain the malicious code.
So the .docx file is just a stager with no malicious code at all and as such it bypasses all AV and email scanners. The only way a .docx file can be flagged is by its unique hash after it gets recognized by security researchers/sandboxes as malicious but at that point it is already far too late.
Onto the service description:
I am selling the .docx by the bin.
Both the .docx and the remote code are custom made for each buyer.
All you need to do is supply the direct link to the .exe to be executed. Of course the detection rate of your payload will influence the final success rate.
If somebody wants a specialized build - UAC bypass etc feel free to contact me. I will try to offer the best support that I can!
The price per .docx build is $125
The less you use the file (or only once) it can stay FUD for months.
If you need multiple builds I will offer a discount.
If you plan to send thousands of emails and need a lot of builds we can negotiate that too.
.docx scan: https://kleenscan.com/scan_result/29d301...68c9b9ddab
Remote .dotm scan: https://kleenscan.com/scan_result/d2f808...9079fb0806
Quick Demo:
1 Month Subscription - 450$:
- 50 builds
- Premium support
3 Month Subscription - 1150$:
- 200 builds
- Premium support
Good luck to everyone on their endeavors and I'm sure that you will find success using remote template injection with my help!