September 8, 2020
In August 2020, security researchers identified a malicious email campaign impersonating a US hospital that was observed delivering a variety of information stealing trojans, including AgentTesla, Formbook, Matiex, and njRatAzorult. A recent uptick in detections submitted to VirusTotal suggests the actor may be ramping up their operations and the specific malicious documents (maldocs). creation technique detailed in this report is likely to be observed more in the wild. Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) are included in the report.