Weekly Threat Briefing: APT41, COVID-19, Government Phishing and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Mobile Malware, Patching, PoetRAT, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Gamaredon APT Group Use COVID-19 Lure in Campaigns


(published: April 17, 2020)


Gamaredon has been found to be among the Advanced Persistent Threat (APT) groups taking advantage of the coronavirus pandemic by using COVID-19 lures in recent campaigns. The targeted emails, with subject lines such as "Coronavirus (2019-nCoV)", contain a .docx file which, when opened, launches a template injection technique that downloads a template from the internet. The downloaded template then executes a VBScript via malicious macro code. The routines of the VBScript, observed by IT security group Trend Micro, closely match previously reported scripts attributed to Gamaredon.

Recommendation: This serves as a reminder to avoid documents that request macros to be enabled. All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protection should be implemented and kept up to date with the latest version to better ensure security. Detection and prevention measures should be taken to ensure that users do not fall victim to phishing. Sophisticated, targeted attacks should be reported to the respective investigative government authorities.

MITRE ATT&CK: [MITRE ATT&CK] Spearphishing Attachment - T1193 | [ ..
