HC3 Analyst Note TLP White: Maldocs used to Deliver Information Stealer

September 8, 2020

In August 2020, security researchers identified a malicious email campaign impersonating a US hospital that was observed delivering a variety of information stealing trojans, including AgentTesla, Formbook, Matiex, and njRatAzorult. A recent uptick in detections submitted to VirusTotal suggests the actor may be ramping up their operations and the specific malicious documents (maldocs). creation technique detailed in this report is likely to be observed more in the wild. Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) are included in the report.

Related Resources

Advisory
Member
Advancing Health Podcast
Public
Case Studies
Public
AHA Center for Health Innovation Market Scan
Public
AHA Center for Health Innovation Market Scan
Public
Fact Sheets
Member