BLOG CERT SOGETI ESEC

Briefing Malware - 31/08/2021

31st of August 2021 - Winners of the 35th week: Raccoon, Redline and njRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 31/08/2021

Distribution: TLP:WHITE

What's new?

NjRAT (ID Mitre: S0385) / AsyncRAT (NC)

Malicious Campaign Targets Latin America

#Cisco Talos reported a new version of a malware spam campaign used to deliver multiple Remote Access Tools (#RATs). This campaign targets companies in sectors such as #travelling and #hospitality and uses malicious Office documents with macros as an entry point. After #Powershell and #Visualbasic script execution, it delivers RATs such as #NjRAT or #AsyncRAT. The threat actor, named #Alosh, seems to be the creator of the "3 losh crypter RAT" crypter used in this campaign, both to generate the stages of the infection chain and for its evasion capabilities. Talos spotted some similarities with techniques used by the #Aggah group, which could have partnered with the #Gorgon Group APT.


https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html


LokiBot (ID Mitre: S0447)

Malware distribution campaign delivering LokiBot

#Trend Micro discovered a new malware campaign used to deliver #LokiBot. This campaign is distributed through multiple well-known mechanisms, such as #phishing with PDF, DOCX or Excel documents, or the exploitation of old vulnerabilities within an RTF file (#CVE-2017-11882) or in Internet Explorer (#CVE-2016-0189).


https://www.trendmicro.com/en_us/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html


Download the report