Sleepy Chanitor Variant Sidesteps Sandboxing
"Security experts have spotted targeted malware aimed at enterprise users which is designed to deliberately evade automatic sandbox analysis and connect to the Tor anonymizing network.
Phishing emails were personalized in the welcome line and claimed that the recipient had been assigned “administrator permissions” on the Microsoft Volume Licensing Service Center (VLSC), according to Martin Nystrom, member of Cisco’s Computer Security Incident Response Team (CSIRT)."