Depth of effective macro campaign

Spreading malware through MS Office macros is very simple, as it does not depend on MS Office version. Some of the major threats like Emotet, Trickbot, Ursnif, Hancitor, etc. have been using VBA macros, some of the futures of OLE has been used to spread malware like DDE. Spear-phishing, APT attacks, Muddy water campaigns are the few which spread through the same. We would like to deliver how malware gets spread using MS Office macros and in-details about different techniques of obfuscation and how it bypasses the detections of different AVs, as well as showing some different examples of VBA macro malware and normal VBA macro code. In our findings, we show you how to detect such VBA macros. Also, how the MS Office macros get evolved and stay persists in the system using WMI, COM, and Registries and behaves like a file-less.