EtterSilent: a popular, versatile maldoc builder.
Guest Brandon Hoffman of Intel 471 joins Dave Bittner to share his team's research "EtterSilent: the underground’s new favorite maldoc builder". The cybercrime underground often mimics behaviors that we see in everyday facets of life. Intel 471’s latest discovery is an example of one of these patterns: when a product takes off in the marketplace, users will rush to obtain it and find unique ways to use it in order to fit their needs.
The latest “product” is a malicious document builder, known in the underground as “EtterSilent,” that Intel 471 has seen leveraged by various cybercrime groups. As it has grown in popularity, it has constantly been updated in order to avoid detection. Used in conjunction with other forms of malware, it’s a prime example of how ease of use and a concentration of skill sets lead to a commoditization of the cybercrime economy.
The research can be found here: