Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 03/08/2021

3rd of August 2021 - Winners of the 31st week: Redline, njRAT and FormBook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.

Threat statistics report

Publication date: 03/08/2021

Distribution: TLP:WHITE

What's new?

Redline (NC)

Tokyo Olympic ticket purchaser information leaked online

Tokyo Olympic ticket purchasers seem to be victims of information #stealers, such as #Redline. According to officials, measures have already been taken to prevent the leak from spreading widely, but, for the moment, the usernames and passwords of volunteers, as well as of buyers of tickets for the Olympic and Paralympic events, have been identified on the dark web. If these credentials are used by an attacker, they could give access to more of the victim's personal data, such as a registered bank account.

https://english.kyodonews.net/news/2021/07/2ee279d7df2b-urgent-tokyo-olympic-ticket-purchaser-information-leaked-online.html

Lokibot (MITRE ID: S0447)

Vulnerability used to deliver Lokibot fixed by Microsoft

#Microsoft released a patch to correct vulnerability CVE-2017-11882, related to #Microsoft Equation Editor (MEE), a component of Microsoft Office. MEE contains a stack buffer overflow that could be exploited for #Remote Code Execution. This vulnerability is known to be used to deliver Lokibot malware, as observed by #CISA in September 2020.

https://us-cert.cisa.gov/ncas/alerts/aa21-209a
