vbs.lampion

lampion


The malware is delivered by email, either as a link to a ZIP file or as a ZIP attachment. The ZIP contains a VBScript that, when executed, downloads additional files from AWS S3, Google Drive or other cloud hosting services. The downloaded files are encrypted .exe and .dll files.
The malware targets banking clients in Portugal.

References
2022-09-09 | Cofense | Andy Mann, Dylan Main
Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing
@online{mann:20220909:lampion:daaabc4,
  author = {Andy Mann and Dylan Main},
  title = {{Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing}},
  date = {2022-09-09},
  organization = {Cofense},
  url = {https://cofense.com/blog/lampion-trojan-utilizes-new-delivery-through-cloud-based-sharing},
  language = {English},
  urldate = {2022-09-13}
}

2022-03-13 | Security Affairs | Pierluigi Paganini
The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
@online{paganini:20220313:hidden:c809849,
  author = {Pierluigi Paganini},
  title = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}},
  date = {2022-03-13},
  organization = {Security Affairs},
  url = {https://securityaffairs.co/wordpress/128975/malware/hidden-c2-lampion-trojan-release-212.html},
  language = {English},
  urldate = {2022-03-14}
}

2022-02-26 | Seguranca Informatica | Pedro Tavares
The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years
@online{tavares:20220226:hidden:544b0bd,
  author = {Pedro Tavares},
  title = {{The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years}},
  date = {2022-02-26},
  organization = {Seguranca Informatica},
  url = {https://seguranca-informatica.pt/the-hidden-c2-lampion-trojan-release-212-is-on-the-rise-and-using-a-c2-server-for-two-years},
  language = {English},
  urldate = {2022-03-04}
}

2021-07-19 | Palo Alto Networks Unit 42 | Mark Lim
Evade Sandboxes With a Single Bit – the Trap Flag
@online{lim:20210719:evade:51a9e1f,
  author = {Mark Lim},
  title = {{Evade Sandboxes With a Single Bit – the Trap Flag}},
  date = {2021-07-19},
  organization = {Palo Alto Networks Unit 42},
  url = {https://unit42.paloaltonetworks.com/single-bit-trap-flag-intel-cpu/},
  language = {English},
  urldate = {2021-07-26}
}

2021-02-10 | Seguranca Informatica | Pedro Tavares
Lampion trojan disseminated in Portugal using COVID-19 template
@online{tavares:20210210:lampion:538cd64,
  author = {Pedro Tavares},
  title = {{Lampion trojan disseminated in Portugal using COVID-19 template}},
  date = {2021-02-10},
  organization = {Seguranca Informatica},
  url = {https://seguranca-informatica.pt/lampion-trojan-disseminated-in-portugal-using-covid-19-template/},
  language = {English},
  urldate = {2021-02-18}
}

2020-07-06 | Seguranca Informatica | Pedro Tavares
New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
@online{tavares:20200706:new:04c88bd,
  author = {Pedro Tavares},
  title = {{New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader}},
  date = {2020-07-06},
  organization = {Seguranca Informatica},
  url = {https://seguranca-informatica.pt/new-release-of-lampion-trojan-spreads-in-portugal-with-some-improvements-on-the-vbs-downloader},
  language = {English},
  urldate = {2020-07-07}
}

2020-05-11 | Seguranca Informatica | Pedro Tavares
Trojan Lampion is back after 3 months
@online{tavares:20200511:trojan:65a40dd,
  author = {Pedro Tavares},
  title = {{Trojan Lampion is back after 3 months}},
  date = {2020-05-11},
  organization = {Seguranca Informatica},
  url = {https://seguranca-informatica.pt/trojan-lampion-is-back-after-3-months/},
  language = {English},
  urldate = {2020-05-13}
}

2019-12-30 | Check Point | Check Point
THREAT INTELLIGENCE REPORT
@techreport{point:20191230:threat:e0f0191,
  author = {Check Point},
  title = {{THREAT INTELLIGENCE REPORT}},
  date = {2019-12-30},
  institution = {Check Point},
  url = {https://research.checkpoint.com/wp-content/uploads/2019/12/Threat_Intelligence_News_2019-12-30.pdf},
  language = {English},
  urldate = {2020-01-08}
}

2019-12-26 | Seguranca Informatica | Pedro Tavares
Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
@online{tavares:20191226:targeting:aeef71f,
  author = {Pedro Tavares},
  title = {{Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax}},
  date = {2019-12-26},
  organization = {Seguranca Informatica},
  url = {https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/},
  language = {English},
  urldate = {2020-01-09}
}

There is no YARA signature yet.