Ensure Office macros and Windows Script Host are disabled where not strictly necessary.
Deploy Endpoint Detection and Response tools to catch PowerShell execution and suspicious network callbacks. Keonbeng.rar
Malicious shortcuts that execute PowerShell commands. CHM Files: Compiled HTML Help files used to drop backdoors. Ensure Office macros and Windows Script Host are
To protect your organization from Keonbeng-style attacks, implement the following: Keonbeng.rar
Scripts that communicate with Command & Control (C2) servers. Key Indicators of Compromise (IoCs)
EN 
ES 
FR