Red Canary Intelligence Insights

Source: Red Canary | Information & Technology

Red Canary's monthly Intelligence Insights reports that the most prevalent threats for April 2022 were Impacket and Mimikatz, which retained their top two positions, respectively, as the most observed security threats. Notable rises in threat activity came from Gootloader, Qbot, SocGholish, and Raspberry Robin. Raspberry Robin, analyzed by Red Canary, is a "Worm spread by external drives that leverages Windows Installer to download a malicious DLL." New infection vectors for Qbot have been observed using LNK files and MSI packages. The LNK file infection chain begins with delivery through a compressed zip file; when the victim executes the LNK file, it runs a PowerShell command to download and execute the Qbot DLL. MSI packages were identified being delivered to target victims in place of Microsoft Office macros. Activity following Qbot delivery has involved reconnaissance with BloodHound and Cobalt Strike execution.
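For defenders triaging the delivery stage described above, the following added example (not from Red Canary or the original page) inspects a zip attachment for LNK shortcuts that reference PowerShell and for MSI members. It is a heuristic byte search rather than a full Shell Link parser; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_BYTES = 1024 * 1024  # read cap per member, enough for any real shortcut


def mentions_powershell(data: bytes) -> bool:
    """LNK strings are stored as ANSI or UTF-16LE, so search for both forms."""
    lowered = data.lower()
    return b"powershell" in lowered or "powershell".encode("utf-16-le") in lowered


def triage_zip(blob: bytes) -> list:
    """Return one finding per LNK or MSI member of a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: content is unreadable, judge by name only.
                data = b""
            else:
                with archive.open(info) as member:
                    data = member.read(MAX_BYTES)
            # Match on content first so a renamed shortcut is still caught.
            if data.startswith(LNK_MAGIC) or name.endswith(".lnk"):
                findings.append({"member": info.filename, "kind": "lnk",
                                 "powershell": mentions_powershell(data)})
            elif name.endswith(".msi"):
                findings.append({"member": info.filename, "kind": "msi",
                                 "powershell": False})
    return findings


def build_sample_zip() -> bytes:
    """Constructed test attachment; the command line is a harmless placeholder."""
    lnk = LNK_MAGIC + b"\x00" * 56 + "powershell.exe -c <constructed>".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Invoice.LNK", lnk)
        archive.writestr("setup.msi", b"\xd0\xcf\x11\xe0constructed")
        archive.writestr("readme.txt", b"mentions powershell but is not a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A hit is a reason to quarantine and review the attachment, not a verdict: legitimate shortcuts and installers also appear in zip files.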

