SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
Description: Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.
Reference: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
Snort SIDs: 54373 - 54376
Title: Qbot reemerges, goes after American banks
Description: The ever-changing Qbot information-stealing malware is back again and going after U.S.-based banks. Researchers say the malware family has a six-hour cycle that it uses to adapt and avoid detection. Attackers are spreading the malware via phishing emails, publicly reported exploits or malicious file shares. Qbot waits quietly on the victim machine until the victim visits a bank's website, and then it activates to steal the user's login credentials.
Reference: https://threatpost.com/qbot-trojan-us-banking-customers/156624/
Snort SIDs: 54384 - 54387