Weekly Threat Briefing: No Summer Break for Magecart as Web Skimming Intensifies

The intelligence in this week’s iteration discusses the following threats: Android Ransomware, Hexane Group, LookBack Malware, MageCart, and TrickBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Latest TrickBot Campaign Delivered via Highly Obfuscated JS File (August 5, 2019)

Another TrickBot variant has been identified by Trend Micro, spreading through spam. TrickBot has the ability to delete files located in removable and network drives, along with stealing information on the CPU, installed programs and services, IP configuration, memory information, network information, operating system, and user accounts. The trojan is spread through spam email prompting the user to open the attached Word document, which contains a JavaScript script disguised by using the same font colour as the background. Once running, the JavaScript file checks the number of running processes and, as an evasion measure, continues only if there are enough of them.

MITRE ATT&CK: Data Obfuscation - T1001 | Deobfuscate/Decode Files or Information - T1140 | Query Registry - T1012 | Scripting - T1064 | System Information Discovery - T1082 | System Owner/User Discovery - T1033 | Spe ..
