May 03, 2022

Red Canary’s Intelligence Insights

Industry: N/A | Level: Tactical | Source: RedCanary

Red Canary’s intelligence insights on threats observed during March 2022 identify a shift in the rankings: SocGholish, previously the top threat, slipped to #8 on the list, and Impacket claimed the top spot. The top five threats (highest to lowest) are Impacket, Mimikatz, Yellow Cockatoo, Cobalt Strike, and BloodHound. Additionally, Emotet rose to the 6th spot (previously #8), and Qbot/Qakbot dropped to 9th (previously #4). In April 2022, Qbot was observed adjusting its delivery technique to incorporate Windows Installer (MSI) packages, where it had previously relied on malicious Office macros and compressed zip files. Microsoft’s decision to block VBA macros by default, since January 2022, has caused threat actors to adjust.

  • Anvilogic Use Cases:
    • Suspicious Email Attachment
    • Compressed File Execution
    • MSIExec Install MSI File
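As an added illustration of the MSIExec use case above (not Red Canary’s or Anvilogic’s own detection logic), the following Python scores constructed process-creation events for msiexec installs launched from user-writable paths or by mail/archive parents, the delivery pattern described for Qbot; the event field names, parent list and thresholds are assumptions.

```python
import re

# Constructed sample process-creation events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\alice\AppData\Local\Temp\invoice_0423.msi /qn"},
    {"parent": r"C:\Program Files\7-Zip\7zFM.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /package C:\Users\bob\Downloads\scan\doc.msi /quiet"},
    {"parent": r"C:\Windows\System32\services.exe",   # looks like a managed software deployment
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\ProgramData\Vendor\agent.msi /qn"},
    {"parent": r"C:\Windows\explorer.exe",            # user double-clicked a downloaded installer
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\carol\Downloads\setup.msi"},
]

# MSI packages staged in Downloads or the per-user Temp directory
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)
# Parents that indicate an attachment or archive was just opened (assumed list)
EMAIL_OR_ARCHIVE_PARENTS = {"outlook.exe", "thunderbird.exe", "7zfm.exe", "winrar.exe"}
INSTALL_SWITCH = re.compile(r"(^|\s)/(i|package)\s", re.I)
QUIET_FLAGS = re.compile(r"(^|\s)/(qn|quiet|q)\b", re.I)


def score_msiexec_event(event):
    """Return (score, reasons) for one event; 0 means the event is not of interest."""
    if not event["image"].lower().endswith("\\msiexec.exe"):
        return 0, []
    cmd = event["cmdline"]
    if not INSTALL_SWITCH.search(cmd):
        return 0, []  # not an install invocation (e.g. /x uninstall, /? help)
    score, reasons = 0, []
    if USER_WRITABLE.search(cmd):
        score, reasons = score + 2, reasons + ["MSI in user-writable path"]
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    if parent in EMAIL_OR_ARCHIVE_PARENTS:
        score, reasons = score + 3, reasons + [f"spawned by {parent}"]
    if QUIET_FLAGS.search(cmd):
        score, reasons = score + 1, reasons + ["silent install flag"]
    return score, reasons


def triage(events, threshold=3):
    """Return (cmdline, score, reasons) for events at or above the alerting threshold."""
    scored = [(e["cmdline"], *score_msiexec_event(e)) for e in events]
    return [row for row in scored if row[1] >= threshold]


if __name__ == "__main__":
    for cmdline, score, reasons in triage(SAMPLE_EVENTS):
        print(score, cmdline, "|", "; ".join(reasons))
```

Only the two events whose parent is a mail client or archiver and whose package sits in a user-writable directory clear the threshold; the services.exe deployment and the plain explorer.exe install are scored but not alerted.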