SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Aggah spam campaign upgrades, finds new ways to avoid detection
Description: A new Aggah campaign pushes malicious Microsoft Office documents (maldocs) via malicious spam (malspam) emails, delivering a multi-stage infection to a target user's endpoint. The final payload of the infection consists of a variety of Remote-Access-Tool (RAT) families such as Agent Tesla, njRAT and Nanocore RAT. Consistent with previous Aggah campaigns, this campaign also relies on pastebin[.]com for all its infrastructure needs. However, it now uses multiple Pastebin accounts to host different stages of the attack.
Reference: https://blog.talosintelligence.com/2020/04/upgraded-aggah-malspam-campaign.html
Snort SIDs: 53745 - 53748
Title: Microsoft warns of Remcos campaign using COVID-19-themed lures
Description: A series of Remcos campaigns launched across the globe are using COVID-19-themed lure files to infect users. Microsoft says attackers are using specially crafted disk image files that contain malware, targeting major government agencies such as the U.S. Small Business Administration and manufacturing companies in South Korea. The phishing emails use subject lines related to the COVID-19 pandemic to trick users into opening the emails.
Snort SIDs: 53793 - 53796