Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 30/11/2021

30th of November 2021 - Winners of week 48: Redline, Formbook and njRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 30/11/2021

Distribution: TLP:WHITE

What's new?

FormBook (NC) / Remcos (MITRE ID: S0332)

New JavaScript malware works as a “RAT dispenser”

#HewlettPackard Wolf Security researchers have discovered a new #JavaScript loader, named #RATDispenser, which has been circulating for at least three months and distributes Remote Access Trojans (#RAT) such as #Remcos or #Formbook. All payloads delivered by this loader can #steal information from the victim or take control of the device. RATDispenser is designed to evade most detection mechanisms: it masquerades its file type (txt instead of JS), obfuscates its JavaScript code through the eval function, or adds a second obfuscation layer executed via an #ActiveX control. A retrohunt over the last three months identified more than 150 samples, three variants of this loader and eight malware families dropped by it. The number of malware families this loader can drop suggests that the author of RATDispenser may be operating under a malware-as-a-service (#MaaS) business model.


https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/
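The following static triage check is an added illustration built from the three traits named above (file-type masquerade, eval-based obfuscation, ActiveX use); it is not part of the briefing nor HP Wolf Security's detection logic, and the heuristics, weights and the benign sample file are assumptions constructed for the example.

```python
"""Static triage of a suspicious attachment for the traits the briefing
describes: JavaScript hidden behind a .txt extension, eval() calls and
ActiveX usage. Heuristic weights are assumptions made for this example."""
import re
from pathlib import PurePath

# Extensions under which an inbound JavaScript payload should not normally arrive.
MASQUERADE_EXTENSIONS = {".txt", ".log", ".pdf"}

# Constructed, harmless sample mimicking the traits listed in the briefing.
SAMPLE_NAME = "invoice_4711.txt"
SAMPLE_TEXT = r"""
var a = "cmd";
var fso = new ActiveXObject("Scripting.FileSystemObject");
eval(unescape("%76%61%72%20%62%3D%31%3B"));
eval(a + b);
"""

JS_MARKERS = re.compile(r"\b(var|function|new)\s+\w+|\beval\s*\(", re.I)
EVAL_CALL = re.compile(r"\beval\s*\(")
ACTIVEX = re.compile(r"\bActiveXObject\b", re.I)
# A run of at least eight %xx or \xNN escapes hints at an encoded second stage.
ESCAPED_RUN = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){8,}", re.I)


def triage(name: str, text: str) -> dict:
    """Return the traits found plus a score; a score of 3 or more is flagged."""
    ext = PurePath(name).suffix.lower()
    looks_like_js = len(JS_MARKERS.findall(text)) >= 2
    traits = {
        "masquerade": looks_like_js and ext in MASQUERADE_EXTENSIONS,
        "eval_calls": len(EVAL_CALL.findall(text)),
        "activex": bool(ACTIVEX.search(text)),
        "escaped_blob": bool(ESCAPED_RUN.search(text)),
    }
    score = (2 if traits["masquerade"] else 0) \
        + min(traits["eval_calls"], 2) \
        + (2 if traits["activex"] else 0) \
        + (1 if traits["escaped_blob"] else 0)
    traits["score"] = score
    traits["suspicious"] = score >= 3
    return traits


if __name__ == "__main__":
    print(triage(SAMPLE_NAME, SAMPLE_TEXT))
```

A real mail or endpoint pipeline would feed every attachment through such a check rather than trusting the declared extension.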


Download the report