Flash Advisories

Spanish Language Lures used to Distribute Seldom Observed Bandook Malware

Proofpoint researchers identified a new group, TA2721 distributing Spanish-language email threats.
The group often targets individuals with Spanish-language surnames at global organizations representing multiple different industries.
The infection chain features a PDF containing a URL that leads to an encrypted RAR file which installs Bandook malware. 
The threat actor tends to use the same command and control (C2) infrastructure for weeks or months at a time.
Proofpoint has only seen three different C2 domains.
Bandook is an old malware that is not used by many threat actors.
Spanish Language Lures used to Distribute Seldom Observed Bandook Malware

Comments are closed.