- CREATED 1 HOUR AGO by AlienVault
- Public
- TLP: White
In 2021 ESET detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. Comparing the malware used in this campaign with what had previously been documented, they found new functionality and changes in this malware, known as Bandook. They also found that this campaign against Venezuela, despite being active since at least 2015, had remained undocumented. Given the malware used and the targeted locale, they named the campaign Bandidos.
REFERENCE: https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
TAGS: bandidos, bandook, rat, dropper
INDUSTRIES: Retail, Healthcare, Construction, Manufacturing
TARGETED COUNTRY: Venezuela, Bolivarian Republic of
MALWARE FAMILY: Bandook
ATT&CK IDS:
- T1140 – Deobfuscate/Decode Files or Information
- T1553 – Subvert Trust Controls
- T1218 – Signed Binary Proxy Execution
- T1059 – Command and Scripting Interpreter
- T1082 – System Information Discovery
- T1176 – Browser Extensions
- T1530 – Data from Cloud Storage Object
- T1490 – Inhibit System Recovery
- T1025 – Data from Removable Media
- T1027 – Obfuscated Files or Information
- T1041 – Exfiltration Over C2 Channel
- T1048 – Exfiltration Over Alternative Protocol
- T1055 – Process Injection
- T1057 – Process Discovery
- T1083 – File and Directory Discovery
- T1112 – Modify Registry
- T1113 – Screen Capture
- T1123 – Audio Capture
- T1125 – Video Capture
- T1204 – User Execution
- T1547 – Boot or Logon Autostart Execution
- T1566 – Phishing
- T1573 – Encrypted Channel
- T1566.001 – Spearphishing Attachment
- T1204.001 – Malicious Link
- T1204.002 – Malicious File
- T1055.012 – Process Hollowing
- T1547.001 – Registry Run Keys / Startup Folder
- T1573.001 – Symmetric Cryptography
- T1048.002 – Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
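When a pulse like this one is ingested into a SOC, the ATT&CK IDs field is usually the part that gets acted on: it is parsed, checked for consistency (every sub-technique should come with its parent), and compared against the detection rules already tagged with ATT&CK IDs to find gaps. The script below is an added example of that workflow; it is not code from OTX, AlienVault or ESET. The ATT&CK field it parses is a constructed subset of the one above (T1204 is deliberately dropped so the parent check has something to report), and the rule inventory and rule names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample (not the full pulse): a subset of the ATT&CK field above, in the
# "ID – Name, ID – Name" form OTX renders, with T1204 deliberately left out so the
# parent-consistency check below has something to report.
PULSE_ATTACK_FIELD = (
    "T1140 – Deobfuscate/Decode Files or Information, T1553 – Subvert Trust Controls, "
    "T1055 – Process Injection, T1566 – Phishing, T1573 – Encrypted Channel, "
    "T1566.001 – Spearphishing Attachment, T1204.001 – Malicious Link, "
    "T1055.012 – Process Hollowing, T1573.001 – Symmetric Cryptography"
)

# Constructed rule inventory with hypothetical rule names: the ATT&CK IDs each
# detection rule is tagged with (the same idea as Sigma's attack.tXXXX tags).
RULE_COVERAGE = {
    "win_proc_hollowing": {"T1055.012"},
    "office_macro_spawns_shell": {"T1566.001", "T1204.002"},
}

ATTACK_ID_RE = re.compile(r"^(T\d{4})(?:\.\d{3})?$")
SEPARATOR_RE = re.compile(r"\s+[–-]\s+")  # en dash as rendered by OTX, or a plain hyphen


@dataclass(frozen=True)
class Technique:
    tid: str     # e.g. "T1055.012"
    name: str
    parent: str  # "T1055" for a sub-technique; equal to tid for a top-level technique


def parse_attack_field(field: str) -> list[Technique]:
    """Split an OTX-style ATT&CK IDs field into validated Technique records."""
    techniques = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue
        parts = SEPARATOR_RE.split(item, maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"no 'ID – Name' separator in {item!r}")
        tid, name = parts[0].strip(), parts[1].strip()
        m = ATTACK_ID_RE.match(tid)
        if not m:
            raise ValueError(f"malformed ATT&CK id {tid!r}")
        techniques.append(Technique(tid=tid, name=name, parent=m.group(1)))
    return techniques


def missing_parents(techniques: list[Technique]) -> list[str]:
    """Parent IDs implied by listed sub-techniques but absent from the field."""
    listed = {t.tid for t in techniques}
    return sorted({t.parent for t in techniques
                   if t.tid != t.parent and t.parent not in listed})


def uncovered(techniques: list[Technique], rules: dict[str, set[str]]) -> list[str]:
    """IDs from the pulse that no rule is tagged with, in pulse order.

    A top-level technique counts as covered if a rule is tagged with it directly
    or with any of its sub-techniques; a sub-technique needs an exact tag.
    """
    tagged = set().union(*rules.values())
    result = []
    for t in techniques:
        if t.tid in tagged:
            continue
        if t.tid == t.parent and any(x.startswith(t.tid + ".") for x in tagged):
            continue
        result.append(t.tid)
    return result


if __name__ == "__main__":
    techs = parse_attack_field(PULSE_ATTACK_FIELD)
    print("parsed:", [t.tid for t in techs])
    print("sub-techniques whose parent is not listed:", missing_parents(techs))
    print("pulse techniques with no detection rule:", uncovered(techs, RULE_COVERAGE))
```

The coverage rule is deliberately asymmetric: a rule tagged with the sub-technique T1055.012 is evidence for its parent T1055, but a rule tagged only with a parent says nothing about which sub-technique it actually fires on, so a listed sub-technique such as T1204.001 stays uncovered until a rule is tagged with that exact ID.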