vbs.lampion (Back to overview)

vbs.lampion


Malware is delivered by emails, containing links to ZIP files or ZIP attachments. The ZIP contains a VBscript that, when executed, downloads additional files from AWS S3, Google Drive or other cloud hosting services. The downloaded files are encrypted .exe and .dll files.
The malware targets banking clients in Portugal.

References
2019-12-30 ⋅ Check PointCheck Point
@techreport{point:20191230:threat:e0f0191, author = {Check Point}, title = {{THREAT INTELLIGENCE REPORT}}, date = {2019-12-30}, institution = {Check Point}, url = {https://research.checkpoint.com/wp-content/uploads/2019/12/Threat_Intelligence_News_2019-12-30.pdf}, language = {English}, urldate = {2020-01-08} } THREAT INTELLIGENCE REPORT
vbs.lampion
2019-12-26 ⋅ Seguranca InformaticaPedro Tavares
@online{tavares:20191226:targeting:aeef71f, author = {Pedro Tavares}, title = {{Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax}}, date = {2019-12-26}, organization = {Seguranca Informatica}, url = {https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/}, language = {English}, urldate = {2020-01-09} } Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
vbs.lampion

There is no Yara-Signature yet.