OpenBCM V1.07b11 (WIN32)

Packet Radio Mailbox

DBO595

[LAU JN59RM]


HB1PMS > TECH     25.02.20 13:34l 65 Lines 2514 Bytes #999 (0) @ WW
BID : 2259HB1PMS
Read: GAST
Subj: Adwind 3.0 Found In Ongoing Malspam Campaign
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200224/2020Z 8564@HB1BBS.ZL.NLD.EU BPQ6.0.19

Van: HB1PMS@HB1BBS.ZL.NLD.EU

Adwind 3.0 Found In Ongoing Malspam Campaign Targeting Over 80 Turkish
Companies

The campaign is carried out via phishing emails.
The phishing email includes a malicious Office file attachment that drops
the malware.

An ongoing malspam campaign that has targeted more than 80 Turkish companies
has been detected recently. The campaign is carried out via phishing emails
that have been designed to distribute Adwind 3.0 RAT.

How does the campaign work?

Discovered by Check Point researchers, the initial attack vector starts with 
a phishing email that includes a malicious Office file attachment. The file 
is in a BIFF format and is heavily obfuscated with several evasion 
techniques to avoid detection.

Once the malicious file is opened, it drops Adwind 3.0, which is
configured to steal sensitive information. The stolen data is later sent to
the attacker’s C2 server.

What are the capabilities of Adwind 3.0?

Adwind 3.0 allows attackers to:

Take screenshots;
Take pictures and record videos or sounds from the PC;
Steal files, cached passwords and web data;
Collect keystrokes;
Collect VPN certificates;
Move laterally in the network; and
Control the SMS system of Android devices.

What should organizations do?

Security professionals can help their organizations defend against attacks
such as this one by developing and refining processes for promptly
responding to successful phishing and business email compromise (BEC)
attacks. Companies should also conduct simulated phishing attacks to
evaluate the preparedness of their team against any kind of email phishing
attack.

73 Henk.

======================================================================
  _    _ ____  __ ____  ____   _____ 
 | |  | |  _ \/_ |  _ \|  _ \ / ____|  SYS: Henk (hb1nos@hb1bbs.com)
 | |__| | |_) || | |_) | |_) | (___    QTH: Ouwerkerk - JO11XO
 |  __  |  _ < | |  _ <|  _ < \___ \   BBS: HB1BBS.ZLD.NLD.EU
 | |  | | |_) || | |_) | |_) |____) |  QRV: 27.235 MHz (FM 1200bps)
 |_|  |_|____/ |_|____/|____/|_____/   WEB: www.hb1bbs.com

======================================================================

** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93  

======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed maandag 24 februari 2020  21:13 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU
