BLOG CERT SOGETI ESEC

Briefing Malware - 29/06/2021

29th of June 2021 - Winners of the 26th week: njRAT, Redline and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 29/06/2021

Distribution: TLP:WHITE

What's new?

Hancitor (MITRE ATT&CK ID: S0499)

Hancitor Continues to Push Cobalt Strike

Hancitor is a trojan downloader used to deliver several malware families. The infection vector starts with a malicious Office document, followed by the dropping of #Pony, #Vawtrak, #DELoader or #Flicker Stealer. From that stage, a Cobalt Strike beacon payload is leveraged to perform post-infection activities. After the first infection, the payload tries to find a second target by alternating discovery and silent phases. Even though this downloader is a long-standing threat, the integration of Cobalt Strike payloads provides versatility, such as the lateral movement phases required in doxware attacks, for instance those deploying Cuba doxware, as reported by Group-IB in the recent past.

https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/
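The chain above starts with an Office document spawning something it should not. The following detector, added here as an example and not taken from the briefing, the DFIR Report article or the CERT's own tooling, flags that first step over constructed process-creation events shaped like Sysmon Event ID 1 records (Image, ParentImage, CommandLine). The lists of Office parents, suspicious children and user-writable path markers, and all sample log lines, are assumptions constructed for the example rather than indicators from the page.

```python
"""Added example (not from the CERT briefing): flag Office processes spawning
script interpreters or LOLBins, the first visible step of a Hancitor-style
maldoc infection, over constructed Sysmon-like process-creation events."""

import json
from pathlib import PureWindowsPath

# Office applications commonly used as the lure (constructed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Children a document should never need to start (constructed list).
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}

# Path fragments that indicate a user-writable drop location (constructed list).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample log: one JSON object per line, Sysmon Event ID 1 style.
# Raw string, so the doubled backslashes are decoded by json.loads, not Python.
SAMPLE_LOG = r"""
{"EventID": 1, "UtcTime": "2021-06-29 09:12:01", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\in.dll,Start", "User": "CORP\\alice"}
{"EventID": 1, "UtcTime": "2021-06-29 09:12:02", "Image": "C:\\Windows\\System32\\splwow64.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "splwow64.exe 12288", "User": "CORP\\alice"}
{"EventID": 1, "UtcTime": "2021-06-29 09:15:40", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "CommandLine": "powershell.exe -nop -w hidden -enc AAAA", "User": "CORP\\bob"}
{"EventID": 1, "UtcTime": "2021-06-29 09:16:00", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE /n", "User": "CORP\\carol"}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. '...\\WINWORD.EXE' -> 'winword.exe'."""
    return PureWindowsPath(path).name.lower()


def parse_events(log_text: str) -> list[dict]:
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def severity(child: str, command_line: str) -> str:
    """Raise severity when a DLL-loading LOLBin points at a user-writable path."""
    cl = command_line.lower()
    if child in {"rundll32.exe", "regsvr32.exe"} and any(m in cl for m in USER_WRITABLE_MARKERS):
        return "high"
    return "medium"


def detect_office_spawns(events: list[dict]) -> list[dict]:
    """Return one alert per process-creation event whose parent is an Office
    application and whose child is in the suspicious list."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            cmd = ev.get("CommandLine", "")
            alerts.append({
                "time": ev.get("UtcTime"),
                "user": ev.get("User"),
                "parent": parent,
                "child": child,
                "command_line": cmd,
                "severity": severity(child, cmd),
            })
    return alerts


def run_sample() -> list[dict]:
    """Run the detector over the constructed sample log."""
    return detect_office_spawns(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[{alert['severity'].upper()}] {alert['time']} {alert['user']}: "
              f"{alert['parent']} -> {alert['child']} :: {alert['command_line']}")
```

On the sample, the detector returns two alerts: the WINWORD.EXE to rundll32.exe launch loading a DLL from the user's Temp directory is rated high, the EXCEL.EXE to encoded PowerShell launch medium, while the printing helper splwow64.exe and the Explorer-launched Word instance are left alone. In a real deployment the parent/child lists are the tuning surface: legitimate add-ins do occasionally start helpers, so keep an allow-list keyed on the full child path and command line rather than widening OFFICE_PARENTS or removing entries from SUSPICIOUS_CHILDREN.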
