Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 07/06/2022

7th of June 2022 - Winners of the 23rd week: Redline, NjRAT and AgentTesla.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 07/06/2022

Distribution: TLP:WHITE

What's new?

Formbook (NC)

XLoader Botnet: Find Me If You Can

The #Checkpoint research team uncovered new versions of #XLoader with an updated protection mechanism and new camouflaging capabilities.

#XLoader is based on #Formbook and receives updates much more frequently than its predecessor. The last #Formbook version observed dates back to early 2020, which suggests it is now discontinued in favor of #XLoader.

In their article they explain the changes introduced in v2.5, especially the camouflaging of C&C servers as web hosting domains (fake Hostinger and Namecheap pages being the most common). They also describe ways to tell the real C&C domain apart from the others.

Version 2.5 carries most of the changes, but a v2.6 was also spotted, bringing minor improvements to the way the malware communicates.

https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/
