BLOG CERT SOGETI ESEC

Briefing Malware - 27/07/2021

27 July 2021 - Winners of the 29th week: Redline, njRAT and FormBook.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 27/07/2021

Distribution: TLP:WHITE

What's new?

FormBook (NC)

New FormBook variant spotted

Quick Heal Security Labs analysed a new variant of the FormBook information stealer. Although the malware first appeared about five years ago and also targets macOS through its fork XLoader, the FormBook developers remain active: the newly spotted variant hides its payload with steganography and loads its later stages in memory. FormBook is known for stealing credentials from web browsers, capturing screenshots, logging keystrokes, and downloading and executing files on the victim's machine. According to the authors, the initial vector is, as usual, a malicious XML/DOC file or email attachment.


https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/


Lokibot (MITRE ID: S0447)

Lokibot delivered by email in Italy

Independent malware hunter @JAMESWT reported another email campaign, which according to @Fbussoletti reached Italy, delivering an EXE binary carrying LokiBot. The email is crafted as a reply to a purchase order and supposedly contains pictures of works of art. As a reminder, LokiBot (the Windows stealer, not the unrelated Android banking Trojan of the same name) is a Trojan whose core capability is stealing sensitive data such as credentials and cryptocurrency wallets.


https://www.difesaesicurezza.com/areariservatacat/cybercrime-lokibot-ora-e-veicolato-anche-attraverso-opere-darte/
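A mail-gateway triage check for the delivery pattern described above (a PE executable sent as the reply to a purchase order), added here as an example; it is not code from the briefing or from the researchers it cites. It flags attachments by their actual content (the `MZ` PE header) rather than the name or MIME type they claim, so a binary renamed to look like a photo is still caught. The message it parses is constructed for the example, not the real campaign mail; the `example.invalid` addresses are placeholders.

```python
"""Flag executable attachments in an e-mail regardless of the name or MIME type they claim.

Added example (not the briefing's code): generic attachment triage built on the
standard library's email package.  The sample message is constructed here;
the addresses and filenames are placeholders, not campaign indicators.
"""
from __future__ import annotations

import email
import email.policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"
PE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".sys"}
RISKY_EXTS = PE_EXTS | {".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk", ".iso", ".img"}


def classify_attachment(filename: str, content_type: str, payload: bytes) -> list[str]:
    """Return the reasons an attachment looks dangerous (empty list = nothing found)."""
    reasons = []
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if payload.startswith(PE_MAGIC):
        reasons.append("PE header (MZ) in content")
        if ext not in PE_EXTS:
            reasons.append(f"PE content behind non-executable name {filename!r}")
        if content_type.startswith("image/"):
            reasons.append(f"PE content declared as {content_type}")
    if ext in RISKY_EXTS:
        reasons.append(f"executable extension {ext}")
    return reasons


def triage_eml(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message; map each flagged attachment's filename to its findings."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename() or "<unnamed>"
        reasons = classify_attachment(filename, part.get_content_type(), payload)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample: a 'RE: purchase order' reply carrying one real-looking image,
    one PE disguised as an image, and one plainly named executable."""
    msg = EmailMessage()
    msg["From"] = "sales@example.invalid"
    msg["To"] = "purchasing@example.invalid"
    msg["Subject"] = "RE: Purchase Order 4471 - artwork photos"
    msg.set_content("Please find attached the pictures of the works of art as requested.")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 64,
                       maintype="image", subtype="jpeg", filename="artwork_1.jpg")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 64,
                       maintype="image", subtype="jpeg", filename="artwork_2.jpg")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 64,
                       maintype="application", subtype="octet-stream", filename="Order_4471.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_eml(build_sample()).items():
        print(f"{name}: " + "; ".join(reasons))
```

The check deliberately looks at the decoded bytes of every non-body part: a sender controls the filename, the `Content-Type` and the `Content-Disposition`, but not what a PE loader needs at offset 0. Archives (ZIP, ISO, IMG) are only flagged by extension here; a production filter would open them and apply the same content check to what is inside.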
