HC3 Analyst Note

Sep 8, 2020
In August 2020, security researchers identified a malicious email campaign impersonating a US hospital that was observed delivering a variety of information-stealing trojans, including AgentTesla, Formbook, Matiex, njRat, and Azorult.
Aug 31, 2020
A new phishing campaign is using COVID-19 personal protective equipment (PPE)-themed lures to spread Agent Tesla malware. This difficult-to-detect remote access Trojan (RAT) provides attackers with a dashboard to monitor the malware’s keylogging and information stealing capabilities.
Aug 21, 2020
Researchers recently disclosed details of a vulnerability affecting the electronic chips that enable mobile communication in millions of internet-connected devices.
Jul 28, 2020
On 20 July 2020, the first of what would become almost 4,000 unsecured, public-facing databases was completely destroyed. No explanation or ransom note was provided in what has been dubbed the ‘meow’ attacks. A number of recommendations on mitigating Meow attacks are available in the full…
Jul 27, 2020
The Emotet botnet, administered by the cybercrime group TA542, emerged from a five-month hiatus on July 13, 2020. Emotet, the number one malware of 2019, infects new devices by enticing victims to execute malicious macros embedded in Microsoft Word documents. Once infected, the devices may be…
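The Emotet delivery vector described above is a Word document that carries a VBA project. As an added example (not HC3's code, nor Emotet's), the following Python function classifies an email attachment by whether it is an OOXML document with an embedded `vbaProject.bin` part, a legacy OLE binary document that would need an OLE parser to inspect, or something else. The sample documents are constructed in memory and the part and content-type names are the standard OOXML ones; the function and helper names are this example's own.

```python
import io
import zipfile

# Added example: triage an attachment for embedded VBA, the Emotet delivery vector.
# Names below (classify_attachment, _build_ooxml) are this example's own.
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"   # OOXML content type of the VBA part
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"                # legacy .doc/.xls compound-file header


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office file: macros live in OLE streams, so an OLE
        # parser (e.g. oletools' olevba) is needed to confirm; flag for review.
        return "ole-legacy"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Any vbaProject.bin part (word/, xl/ or ppt/) means embedded VBA.
        if any(name.endswith("vbaProject.bin") for name in names):
            return "ooxml-macro"
        # Second check: the package manifest declares the VBA content type
        # even if the part name was disguised.
        try:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            return "other"   # a zip, but not an OOXML package
        if MACRO_CONTENT_TYPE in manifest:
            return "ooxml-macro"
        return "ooxml-clean"


def _build_ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML package in memory (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample attachments, not real malware.
_CT_CLEAN = (
    '<?xml version="1.0"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
    'officedocument.wordprocessingml.document.main+xml"/></Types>'
)
_CT_MACRO = _CT_CLEAN.replace(
    "</Types>",
    '<Override PartName="/word/vbaProject.bin" ContentType="' + MACRO_CONTENT_TYPE + '"/></Types>',
)

CLEAN_DOCX = _build_ooxml({"[Content_Types].xml": _CT_CLEAN, "word/document.xml": "<w:document/>"})
MACRO_DOCM = _build_ooxml({
    "[Content_Types].xml": _CT_MACRO,
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\x00" * 16,   # placeholder VBA project
})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for label, blob in [("clean.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM), ("old.doc", LEGACY_DOC)]:
        print(label, "->", classify_attachment(blob))
```

A gateway rule built on this would quarantine `ooxml-macro` outright and route `ole-legacy` to an OLE-aware scanner, since the container check alone cannot see macros inside a legacy `.doc`.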
Jul 21, 2020
Thanos ransomware, first noted in January 2020, is unremarkable apart from the RIPlace anti-ransomware evasion technique that is available as one of its paid-for features.
Jul 8, 2020
The information technology vendor F5 disclosed a significant vulnerability in its BIG-IP suite of tools which, when exploited, allows remote code execution, ultimately leading to complete compromise of the host and the potential for further compromise of the network on which it sits.