Tuesday, December 12, 2017

NoobBoy Downloader Campaign

TLP AMBER ANNOUNCEMENT:
 
Starting in mid-October 2017, a new variant of macro downloader malware was leveraged in large-scale, fraud-driven email campaigns. The attacks appear to target the supply chain of multiple industries and have used an assortment of payloads, including keylogger malware. The common use of the macro variant, as well as shared infrastructure and network artifacts, indicates a common actor. Wapack Labs has dubbed this activity "NoobBoy" for future tracking. NoobBoy attacks appear to target the supply chain in the shipping, energy and infrastructure sectors. Targeted companies include international companies participating in global markets, including an equipment manufacturer that supplies equipment globally and an oil, gas and mineral resource company that participates in the global marketplace...

Wapack Labs has cataloged and reported on macro downloader malware and campaigns in the past. An archive of related reporting can be found in the Red Sky Alliance portal.   

WWW.WAPACKLABS.COM 

This TLP AMBER report is available only to Red Sky Alliance members.