
Rewterz Threat Alert – TA505 New Coronavirus Campaign

Severity

Medium

Analysis Summary

The threat group TA505, which is behind the Locky ransomware and the Dridex banking Trojan, has resurfaced with a phishing campaign that delivers malicious COVID-19-themed attachments and lures users into clicking malicious links that supposedly provide updates on the coronavirus pandemic. The campaign has emerged at a crucial time, when people around the world are watching for a possible vaccine or other treatment. After delivery, the attackers can download additional types of malware, including banking Trojans and ransomware. TA505 is known as one of the most significant financially motivated threat actors because of the extraordinary volume of messages it sends.


Impact

  • Credential theft
  • Exposure of sensitive data 

Indicators of Compromise

Email Subject

COVID-19 Everything you need to know

Remediation

  • Always be suspicious of emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.