A new #Horabot campaign was observed targeting the Americas by Cisco Talos Intelligence Group and is the highlight of the #readoftheday! An unknown threat actor is targeting Spanish-speaking users and delivers a banking #trojan and spam tool to their victims. Enjoy and Happy Hunting!

Link is in the comments!

***I am going to leave one of the MITRE ATT&CK techniques blank. I would like to see if any of you who see this can help FILL in that blank! If so, send me a DM!***

Notable TTPs:
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment

TA0002 - Execution
T1204.001 - User Execution: Malicious Link
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1059.001 - Command and Scripting Interpreter: PowerShell

TA0003 - Persistence
T1574.002 - Hijack Execution Flow: DLL Side-Loading
T[Let me know what other technique or sub-technique was observed in this article!]

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

Cisco Talos Blog