BLOG CERT SOGETI ESEC

Briefing Malware - 09/11/2021

9th of November 2021 - Winners of the 45th week: Redline, Formbook and Lokibot.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.

Threat statistics report

Publication date: 09/11/2021

Distribution: TLP:WHITE

What's new?

Snake(NC) / Nanocore (ID Mitre: S0336)

New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns

#Proofpoint released a report about a new cyber threat actor, #TA2722. Impersonating multiple Philippine Government entities, TA2722, aka #Balikbayan Foxes, delivers Remote Access Trojans (#RAT) such as #Remcos or #Nanocore through several phishing campaigns targeting many different industries in Europe, North America and Southeast Asia. Remcos and Nanocore are #information stealers that use multiple mechanisms to gather #credentials or command compromised computers. During this campaign, the actor used OneDrive URLs linking to #RAR files, #PDF email attachments with #OneDrive links leading to malicious executables, or infected #Excel files. During the investigation, Proofpoint identified two threat clusters, #Shahzad73 and #CPRS, which shared some targets, IP addresses and a common email used for domain registration.

https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread

 
