Indicators of compromise (IoCs) identified
Compromise reports identified (groupings of IoCs)
HIGHLIGHT OF THE MONTH
This isn’t the first time we’ve seen the Emotet developers "go on vacation". After almost five months without any significant activity, Emotet is back with new features.
It now loads not only the IcedID banking trojan but also the XMRig miner, uses new anti-detection techniques and has switched its code to 64-bit. The use of .xls files is also retained, with new social-engineering tricks to get the user to enable the macros, which then download the Emotet library and load it into memory.
As a reminder, Emotet is one of the most dangerous Trojans ever created. This malicious program has become increasingly destructive as it has grown more sophisticated. Emotet constantly modifies its TTPs (Tactics, Techniques & Procedures) so that existing detection rules no longer match.
DEFINITION OF THE MONTH
A Trojan is a type of malware that disguises itself as a legitimate program, from a simple e-mail attachment to a copy of pirated software available on the Internet, in order to be discreetly downloaded onto the victim’s computer, hence its name, which refers to the Trojan horse of antiquity. It is not strictly speaking a virus because it cannot self-execute or spread directly.
In its most basic form, the Trojan simply executes a malicious function locally on the victim machine. Within this category there is a sub-category called Remote Access Trojan (RAT), the most widespread kind, which, once the computer is infected, allows it to be taken over remotely. It is then also called a backdoor, because the Trojan opens a backdoor so that the attacker can spy on the target, steal its data, or download other malware or tools such as a C&C (defined in our August 2022 barometer) in order to propagate. It also uses persistence techniques such as T1543 (Create or Modify System Process) to create new services or T1053 (Scheduled Task/Job) to schedule tasks, while executing the commands that the attacker transmits.
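As an added example, not part of the Barometer or of Gatewatcher’s own tooling, the following Python script shows how a defender can surface the two persistence behaviours named above in Windows event log records: a new service being installed (Event ID 7045, mapped to T1543.003) and a scheduled task being created (Event ID 4698, mapped to T1053.005). The event IDs and ATT&CK sub-technique IDs are real; the flattened `key=value` line format, the field names and the sample records are constructed assumptions for the example. A new service or task whose executable lives in a user-writable location (Temp, AppData, ProgramData, Public) is scored high, since a RAT dropped by a phishing attachment typically runs from such a path; everything else is reported as informational so that analysts keep a record of legitimate installs too.

```python
"""Flag RAT/backdoor-style persistence (new service, new scheduled task) in
Windows event log records.

Added illustration only: the records below are constructed, not real telemetry,
and the key=value line format is an assumed log-forwarder flattening.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample records (assumption: one flattened Windows event per line).
SAMPLE_EVENTS = [
    'EventID=7045 Channel=System ServiceName="WinUpdSvc" '
    'ImagePath="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe" StartType="auto start"',
    'EventID=7045 Channel=System ServiceName="Sysmon64" '
    'ImagePath="C:\\Windows\\Sysmon64.exe" StartType="auto start"',
    'EventID=4698 Channel=Security TaskName="\\Microsoft\\Windows\\Update\\UpdateCheck" '
    'Command="C:\\Users\\Public\\runtime.exe" Arguments="-s"',
    'EventID=4698 Channel=Security TaskName="\\Microsoft\\Office\\OfficeTelemetry" '
    'Command="C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe" Arguments=""',
    'EventID=4624 Channel=Security LogonType=3 TargetUserName="alice"',
]

# Event IDs of interest and the ATT&CK sub-technique each maps to.
PERSISTENCE_EVENTS = {
    "7045": ("T1543.003", "ServiceName", "ImagePath"),   # Windows Service
    "4698": ("T1053.005", "TaskName", "Command"),        # Scheduled Task
}

# Locations an unprivileged user can write to; executables launched from here
# by a fresh service or task are treated as suspicious.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\Public|Windows\\Temp|ProgramData|Temp)\\",
    re.IGNORECASE,
)

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Alert:
    technique: str
    severity: str   # "high" or "info"
    name: str       # service or task name
    path: str       # executable the service or task runs


def parse_event(line: str) -> dict:
    """Split a flattened key=value record into a dict (quoted values may be empty)."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def classify(event: dict) -> Optional[Alert]:
    """Return an Alert for persistence events, None for everything else."""
    mapping = PERSISTENCE_EVENTS.get(event.get("EventID", ""))
    if mapping is None:
        return None
    technique, name_key, path_key = mapping
    path = event.get(path_key, "")
    severity = "high" if USER_WRITABLE.search(path) else "info"
    return Alert(technique, severity, event.get(name_key, ""), path)


def scan(lines) -> list:
    """Run the classifier over raw log lines and collect the alerts."""
    return [a for a in (classify(parse_event(l)) for l in lines) if a is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity:4}] {alert.technique} {alert.name!r} -> {alert.path}")
```

Running the script on the constructed records yields four alerts: the service and the task launched from AppData and Public are scored high, while the Sysmon service and the Office task are informational, and the logon event is ignored. In production the path heuristic would be extended with signer checks and an allow-list of known installers.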
The most famous Trojan horse of the last few years is Emotet, which we already talked about in March, and whose return is the subject of this month’s highlight.
ABOUT THE CYBER THREATS BAROMETER
Malware, zero-day vulnerabilities, advanced persistent threats, industries and sectors particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor in the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected in the previous month by Gatewatcher CTI, our Cyber Threat Intelligence platform.
Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than three thousand data sources across multiple channels: social networks, specialized sites, the dark and deep web. They make threat information available an average of 24 hours ahead of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident-handling times.