Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 17/11/2021

17th of November 2021 - Winners of the 46th week: Redline, NjRAT and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.

 

Threat statistics report

Publication date: 17/11/2021

Distribution: TLP:WHITE

What's new?

NjRAT (ID Mitre: S0385) / AsyncRAT (NC)

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

#Microsoft 365 Defender Threat Intelligence Team published a report about an evasive technique, #HTML smuggling. This technique uses legitimate #HTML5 and #JavaScript features to generate malicious files on the victim's machine, behind the firewall, and execute them. Its main objective is to bypass most standard security controls that rely on patterns or signatures, such as those applied by email gateways or web proxies, by using features like the JavaScript Blob or the “download” attribute of an HTML a href element. Microsoft Threat Intelligence Center (#MSTIC) published a detailed analysis of a sophisticated email attack from threat actor #NOBELIUM in which HTML smuggling was used to deliver Remote Access Trojans such as #AsyncRAT or #NjRAT and, more recently, to deliver #Trickbot in a campaign related to a new threat actor tracked by MSTIC as #DEV-0193.

 

https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
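For triage of HTML attachments, the two features named above (a JavaScript Blob and the “download” attribute) can be checked for together. The following is an added example, not code from this briefing or from the Microsoft report; the function name `scan_html`, the regular expressions and both sample documents are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Script-side markers for the two features the briefing names.
BLOB_CTOR = re.compile(r"\bnew\s+Blob\s*\(")
DOWNLOAD_SET = re.compile(r"""\.download\s*=|setAttribute\s*\(\s*['"]download['"]""")

class _Collector(HTMLParser):
    """Collects inline script text and <a download=...> file names."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
        self.download_names = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            self.in_script = True
        elif tag == "a":
            for name, value in attrs:
                if name == "download":
                    self.download_names.append(value or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # ignore visible text, keep only script bodies
            self.scripts.append(data)

def scan_html(html):
    """Return which smuggling markers an HTML attachment contains."""
    c = _Collector()
    c.feed(html)
    c.close()
    js = "\n".join(c.scripts)
    blob = bool(BLOB_CTOR.search(js))
    dl = bool(c.download_names) or bool(DOWNLOAD_SET.search(js))
    return {"blob": blob, "download": dl,
            "download_names": c.download_names, "suspicious": blob and dl}

# Constructed, inert samples ("decoded" is undefined; no file is generated).
SAMPLE_FLAGGED = """<html><body><a id="l" DOWNLOAD="invoice.zip">Open</a>
<script>var b = new Blob([decoded], {type: "application/octet-stream"});</script>
</body></html>"""
SAMPLE_BENIGN = """<html><body><a href="/files/guide.pdf" download>Guide</a>
<p>Our API returns a new Blob (see docs).</p></body></html>"""
```

Both features are also used by legitimate web applications, so a hit is a reason to inspect the attachment, not a verdict. Static matching of this kind will miss scripts that hide these names through obfuscation.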

 
