SPANISH LANGUAGE LURES USED TO DISTRIBUTE SELDOM OBSERVED BANDOOK MALWARE


Proofpoint researchers identified a new group, TA2721, distributing Spanish-language email threats.
The group often targets individuals with Spanish-language surnames at global organizations across multiple industries.

The infection chain features a PDF containing a URL that leads to an encrypted (password-protected) RAR archive whose contents install Bandook malware.
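A detection check for the first stage of that chain, added here as an example and not Proofpoint's code or tooling: it extracts every /URI link action from a PDF, flags the ones whose URL path ends in an archive extension, and identifies a fetched payload as RAR from its signature. The sample PDF, its .invalid hostnames, and the list of archive extensions are constructed for this example and are not indicators from the campaign.

```python
import re
from urllib.parse import urlparse

# Constructed sample PDF for this example (not a real lure). Objects 4 and 6
# are link annotations whose /URI action points at an archive download; the
# second is written as a PDF hex string, which defeats a naive string grep.
# Hostnames are fictional (.invalid).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [50 50 200 70]
   /A << /S /URI /URI (https://example.invalid/facturas/2023/Factura\\(1\\).rar) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [50 80 200 100]
   /A << /S /URI /URI (https://www.example.invalid/) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [50 110 200 130]
   /A << /S /URI /URI <68747470733A2F2F646C2E6578616D706C652E696E76616C69642F646F632E726172> >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI values appear as a literal string "(...)" with backslash escapes or as
# a hex string "<...>". Both forms are captured, in document order.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.DOTALL)

# Archive extensions worth flagging behind a link in a document (chosen here).
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".ace", ".iso", ".img")

RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"

_SIMPLE_ESCAPES = {ord("n"): 0x0A, ord("r"): 0x0D, ord("t"): 0x09, ord("b"): 0x08,
                   ord("f"): 0x0C, ord("("): 0x28, ord(")"): 0x29, ord("\\"): 0x5C}


def _unescape_literal(raw: bytes) -> str:
    """Decode the escape sequences allowed in a PDF literal string."""
    out = bytearray()
    i = 0
    while i < len(raw):
        c = raw[i]
        if c != 0x5C or i + 1 == len(raw):
            out.append(c)
            i += 1
            continue
        nxt = raw[i + 1]
        if nxt in _SIMPLE_ESCAPES:
            out.append(_SIMPLE_ESCAPES[nxt])
            i += 2
            continue
        octal = re.match(rb"[0-7]{1,3}", raw[i + 1:i + 4])
        if octal:
            out.append(int(octal.group(0), 8) & 0xFF)
            i += 1 + len(octal.group(0))
            continue
        i += 1  # backslash-newline (line continuation) or unknown escape: drop the backslash
    return out.decode("latin-1")


def extract_uris(pdf: bytes) -> list[str]:
    """Return every /URI target found in the raw PDF bytes, in document order."""
    uris = []
    for m in URI_RE.finditer(pdf):
        if m.group(1) is not None:
            uris.append(_unescape_literal(m.group(1)))
        else:
            digits = re.sub(rb"\s", b"", m.group(2))
            if len(digits) % 2:
                digits += b"0"  # the spec pads a trailing odd digit with 0
            uris.append(bytes.fromhex(digits.decode("ascii")).decode("latin-1"))
    return uris


def archive_links(pdf: bytes) -> list[str]:
    """URIs whose URL path ends in an archive extension: the lure pattern."""
    return [u for u in extract_uris(pdf)
            if urlparse(u).path.lower().endswith(ARCHIVE_EXTS)]


def rar_version(data: bytes):
    """5, 4 or None depending on the RAR signature at the start of data."""
    if data.startswith(RAR5_SIG):
        return 5
    if data.startswith(RAR4_SIG):
        return 4
    return None


if __name__ == "__main__":
    for uri in archive_links(SAMPLE_PDF):
        print("archive link in PDF:", uri)
```

This scans raw bytes, so it only sees annotations stored uncompressed; a lure that keeps its link objects inside a compressed object stream has to be decompressed first (a PDF library such as pikepdf does that) before the same regex applies. Because the second stage is an encrypted archive, a gateway cannot inspect its contents, which is why the link in the document and the signature of the fetched file are the practical hooks for this chain.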

The threat actor tends to use the same command and control (C2) infrastructure for weeks or months at a time.
Proofpoint has seen only three distinct C2 domains.

Bandook is an older malware family that few threat actors use.