Ursnif and Gozi Malware on the Rise
Though tracked separately in our platform, Ursnif and Gozi are by far the most-reported malware families from this past week.
Fileless Threats: Kovter Malware
We're also seeing a rise in Kovter activity. As always, the best advice is to make sure your systems are patched and to be vigilant in detecting and blocking malicious spam, since a significant percentage of malware is delivered via email. If you're interested in learning more about fileless threats, Microsoft has a good summary here.
Emotet Still Prevalent
Emotet remains one of the top malware delivery vehicles on the web, and it is used to deliver Ursnif/Gozi among other malware, so it's not surprising to see Emotet remaining among the top threats seen on the platform. According to @MalwareTechBlog, "last October Emotet began stealing the content of victims' emails and [this month] it appears Emotet is using the stolen emails to fake replies to existing email chains with malware on a massive scale." You can see the latest indicators for Emotet via TruSTAR.
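The reply-chain hijacking quoted above leaves a detectable inconsistency: the message claims to continue a thread the recipient actually took part in, yet the sending address was never a participant, and it carries a document-type attachment. The following is an added triage heuristic written for this post; it is not TruSTAR's or MalwareTech's code. The thread index (`KNOWN_THREADS`), the risky-extension list, and both sample messages are constructed for the demo; in practice the thread index would be built from the user's own sent and received mail.

```python
"""
Heuristic triage for reply-chain hijacking: flag an inbound message that
poses as a reply to a real thread but comes from an address that never
took part in that thread and carries a likely maldoc attachment.
Added example; all mailbox data below is constructed.
"""
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed thread index: Message-ID of a thread root -> addresses that
# took part in it (assumption: in production this comes from the mail store).
KNOWN_THREADS = {
    "<20190115.1001@corp.example>": {"alice@corp.example", "bob@partner.example"},
}

# Attachment types commonly used to carry macro/script payloads (assumed list).
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs", ".zip")

# Constructed sample 1: a genuine reply from a real thread participant, no attachment.
LEGIT_REPLY = """From: Bob <bob@partner.example>
To: alice@corp.example
Subject: Re: Q1 invoice
In-Reply-To: <20190115.1001@corp.example>
Content-Type: text/plain

Thanks Alice, confirmed.
"""

# Constructed sample 2: same display name and thread reference, but the address
# is a lookalike domain and the mail carries a .doc attachment.
HIJACKED_REPLY = """From: Bob <bob@partner-example.com>
To: alice@corp.example
Subject: Re: Q1 invoice
In-Reply-To: <20190115.1001@corp.example>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached, as discussed.
--b1
Content-Type: application/msword; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""


def attachment_names(msg):
    """Lower-cased filenames of every part that declares one."""
    return [p.get_filename().lower() for p in msg.walk() if p.get_filename()]


def score_reply_hijack(raw):
    """Return (is_suspicious, reasons) for one RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    parent = str(msg.get("In-Reply-To") or "").strip()
    subject = str(msg.get("Subject") or "").strip()
    if not (parent or subject.lower().startswith("re:")):
        return False, reasons  # not presented as a reply; out of scope here

    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    participants = KNOWN_THREADS.get(parent)
    if participants is None:
        reasons.append("claims to be a reply but references an unknown thread")
    elif sender not in participants:
        reasons.append(f"sender {sender} never took part in thread {parent}")

    risky = [n for n in attachment_names(msg) if n.endswith(RISKY_EXTENSIONS)]
    if risky:
        reasons.append("risky attachment: " + ", ".join(risky))

    # Require both signals: an inconsistent sender alone is common (forwarded
    # threads, alias changes) and a document attachment alone is everyday mail.
    return len(reasons) >= 2, reasons


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_REPLY), ("hijacked", HIJACKED_REPLY)):
        flagged, why = score_reply_hijack(raw)
        print(name, "->", "SUSPICIOUS" if flagged else "ok", why)
```

The two-signal rule is deliberate: each check on its own produces too many false positives to page on, but a thread-inconsistent sender together with a document carrier is the exact combination the quoted campaign relies on. Tuning the extension list and feeding the thread index from the real mail store are the two things to change before using this on live traffic.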
View this OSINT Threat Report on TruSTAR to correlate IOCs with your own data. Not on TruSTAR yet? Request a demo; in the meantime, the IOCs are available for download as a .txt file.