Every IT professional has to deal with Malware attacks on a day to day basis. They are very disruptive, a nuisance, and can cause damage as well as loss of data.
So, when there is something new that is introduced to help IT Professionals do their job, and to be able to stop Malware threats, we tend to take notice.
AutoFocus users can now identify and to help stop new malware quickly, especially with the ability to post a signature and quickly see how many other people are facing the same attacks. Unit 42 is using AutoFocus to help quickly search and correlate artifacts across the collective set of WildFire and other Palo Alto Networks threat intelligence networks. Unit 42 was able to associate the attacks with the group publicly known as DragonOK. DragonOK has previously targeted Japanese high-tech and manufacturing firms, but Unit 42 has identified a new backdoor malware, named “FormerFirstRAT,” deployed by these attackers. See the Malware Details section for analysis of the three RATs and two additional backdoors deployed in this persistent attack campaign.
This campaign involved five separate phishing attacks, each carrying a different variant of Sysget malware, also known as HelloBridge. The malware was included as an attachment intended to trick the user into opening the malware. This included altering the icon of the executable to appear as other file types as well as decoy documents to trick users into thinking they had opened a legitimate file.