Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

March 19, 2019 | Anomali Labs

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section.

Lazarus Group
The Chinese APT group called “Winnti” (also known as Threat Group-3279) has been active since at least 2009 and is known for attacking gaming companies to steal digital certificates and source code. Winnti was discovered in 2011 when researchers pieced together why an unspecified number of computers had been infected with a new trojan. The decisive clue was that all of the infected machines shared one trait: each had a well-known online game installed. Researchers then determined that the game's users had been infected by receiving updates from a compromised update server belonging to the game company, an early example of a software supply-chain compromise.
