BLOG CERT SOGETI ESEC

Briefing Malware - 13/07/2021

13 July 2021 - Winners of week 28: njRAT, Redline and AsyncRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.

Threat statistics report

Publication date: 13/07/2021

Distribution: TLP:WHITE

What's new?

Agent Tesla (MITRE ID: S0331)

FormBook (NC)

Phishing campaign targeting Energy sector

Intezer has uncovered a phishing campaign targeting the energy sector and its suppliers. Attackers used spoofed or typosquatted email addresses to impersonate legitimate business emails and attached IMG, ISO or CAB files. These archives contain a variety of malicious binary payloads: data stealers and malware-as-a-service (#MaaS) offerings such as #FormBook and #AgentTesla, as well as other threats such as #Loki, #SnakeStealer and #AZORult. The companies affected by these campaigns were located in South Korea (where emails pretended to be sent by Hyundai Engineering Co.) and, to a lesser extent, in America, Germany and the United Arab Emirates.

https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/


Download the report