Malware Families  - Malware Families - Hackers Used US-based web servers to Distribute 10 Malware Families

Hackers used hosting in the United States to host families and distributed them through mass phishing campaigns.

The hosted malware families include five banking Trojans, two ransomware and three information stealer malware families. The malware includes familiar ones such as Dridex, GandCrab, Neutrino, IcedID, and others.

Malware Family Type
Dridex Banking Trojan
Gootkit Banking Trojan
IcedID Banking Trojan
Nymaim Banking Trojan
Trickbot Banking Trojan
Fareit Information stealer
Neutrino Information stealer
AZORult Information stealer
GandCrab Ransomware
Hermes Ransomware

Bromium has tracked the operations so closer for a year and says, “Multiple malware families were staged on the same web servers and subsequently distributed through mass phishing campaigns.”

Cybercriminals reuse the same servers to host different malware that indicates collaboration of common entity between the malware operators.

The malware families hosted in the server but they have separation with C2 servers, which indicates one actor responsible for email and hosting and another for malware operations.

Malware Families & Campaigns

Attackers distribute the malware through phishing campaigns that malicious word documents and utilize the social engineering tricks to lure victims in executing the embedded VBA macro.

According to Bromium, “the malware identified primarily targets an anglophone audience because all the phishing emails and documents we examined from campaigns linked to the hosting infrastructure were written in English.”

The malware hosted servers run the default installations of CentOS and Apache HTTP, and the payloads are compiled and hosted in less than 24 hours.

All the malware are distributed with phishing emails that carry macro embedded malicious word documents that contain links pointed to malware hosted servers.

Malware Families  - Malware Families1 - Hackers Used US-based web servers to Distribute 10 Malware Families

“63% of the campaigns delivered a weaponized Word document that was password protected, with a simple password in the message body of the email, such as ‘1234’ or ‘321’,” Bromium said.

The recent report from IBM, states that the major cybercrime groups connected together in explicit collaboration and continues to exchange their scripts, tactics, and techniques to bypass the measures and to evade from law enforcement agencies.

You can find the IOCs in Bromium report.

You can follow us on LinkedinTwitterFacebook for daily updates also you can take the Best Cybersecurity courses online to keep your self-updated.





Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here