BLOG CERT SOGETI ESEC

Briefing Malware - 08/03/2022

8 March 2022 - Winners of week 10: Emotet, NjRAT and Redline.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. Access is limited to our clients.


Threat statistics report

Publication date: 08/03/2022

Distribution: TLP:WHITE

What's new?

Formbook (NC)

Beware of malware offering “Warm greetings from Saudi Aramco”

Last week, the #MalwareBytes Threat Intelligence Team discovered a malware campaign targeting companies in the #Oil and Gas sector.

This targeted email campaign exploited an old vulnerability, #CVE-2017-11882, through a #Microsoft Excel object embedded inside a #pdf file. When opened, the file tries to download a remote template that exploits the vulnerability and then downloads the malware, #Formbook. The vulnerability allows an attacker to execute code in the context of the current user; if that user has administrator rights, the malware takes full control of the system. An Excel file with the same functionality as the embedded object is also attached to the email.
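As an added defender-side illustration (not code from the CERT Sogeti briefing or from Malwarebytes), the Python triage below flags the two delivery traits described above, an Office/OLE object embedded in a PDF and an Office document that reaches out for a remote template, on constructed sample files; the sample contents, the `template.invalid` hostname and the finding labels are assumptions.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 / Compound File header

def pdf_findings(data: bytes) -> list:
    """Heuristic PDF triage: an /EmbeddedFile declaration and/or an OLE2 header in
    an uncompressed stream. FlateDecode streams are not inflated, so [] is not proof."""
    if not data.startswith(b"%PDF"):
        return []
    findings = []
    if b"/EmbeddedFile" in data:
        findings.append("pdf:embedded-file")
    if OLE_MAGIC in data:
        findings.append("pdf:ole2-object")
    return findings

def ooxml_findings(data: bytes) -> list:
    """Flag external http(s) relationships in every *.rels part of an OOXML container;
    a remote attachedTemplate is the remote-template case described in the briefing."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    for name in zf.namelist():
        if not name.endswith(".rels"):
            continue
        for rel in ET.fromstring(zf.read(name)).iter():
            target = rel.attrib.get("Target", "")
            if (rel.attrib.get("TargetMode") == "External"
                    and target.lower().startswith(("http://", "https://"))):
                kind = rel.attrib.get("Type", "").rsplit("/", 1)[-1]  # e.g. attachedTemplate
                findings.append(f"ooxml:{name}:{kind}:{target}")
    return findings

# Constructed samples, not real campaign artefacts: a minimal PDF with an OLE2 header
# in a plain stream, and a docx whose settings part points at a remote template.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj << /Type /EmbeddedFile /Length 8 >>\nstream\n"
              + OLE_MAGIC + b"\nendstream\nendobj\n%%EOF\n")

def build_sample_docx() -> bytes:
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" TargetMode="External" Target="http://template.invalid/t.dotm" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()
```

Running both checks over a mail attachment gives a quick first signal; anything flagged still needs detonation or manual analysis, since compressed PDF streams are not inspected here.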

The email impersonates the Saudi Arabian public petroleum company #Saudi Aramco, claiming a large, time-limited opportunity for a refinery renovation project.

#Formbook has been active since 2016 and is one of the most established #information stealers, evolving constantly to remain attractive to attackers.

https://cisotimes.com/email-which-claims-to-come-from-saudi-aramco-delivers-malware/
