EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Cybercriminals Exploit SVB's Collapse; Emotet Returns & BatLoader Abuses Google Ads

This issue of the Analyst Prompt looks at the impact SVB's collapse has had on the cyber threat landscape, Emotet's return after a three-month hiatus, and the distribution of malware through abuse of Google search ads.

EclecticIQ Threat Research Team March 23, 2023

Criminal Actors Exploit SVB Collapse for Financial Gain

Criminal actors are taking advantage of the Silicon Valley Bank (SVB) collapse, likely to steal information and money (1). Security researchers have observed a large spike in typosquatted domains likely impersonating SVB (2). Several of the observed domains are part of a cryptocurrency scam that claims to offer free United States Dollar Coins (USDC) as part of an "SVB USDC payback program". The scam instructs the victim to scan a QR code with any cryptocurrency wallet; if scanned, the code results in the compromise of the user's wallet (1).

Criminal actors consistently use current major events to target victims for financial gain, and the SVB collapse is not the first major event threat actors have exploited. During the COVID-19 pandemic, several actors used COVID-19 email phishing lures to encourage targets to open the attachment (3). Actors have also taken advantage of sporting events such as the FIFA 2022 World Cup, where security researchers observed domains mimicking legitimate webpages, fake mobile apps, and fraudulent social media pages (4).
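As an added example (not part of the original post), the following Python triage script flags queried domains that look like the SVB typosquats described above, combining brand-token matches, near-miss edit distance and scam lure words. The brand list, lure words, allowlist and the resolver log format are assumptions constructed for the example.

```python
import re

# Brand strings the SVB scam domains mimic and lure words from the USDC "payback" scam
# (from the post); these lists, the allowlist and the log format are assumptions.
BRANDS = ["svb", "svbank", "siliconvalleybank"]
LURE_WORDS = ["usdc", "payback", "refund", "claim", "wallet"]
ALLOWLIST = {"svb.com"}  # known-legitimate registrable domains, never flagged
LOG_RE = re.compile(r"query=(?P<domain>[A-Za-z0-9.-]+)")  # hypothetical resolver log

def levenshtein(a, b):
    """Edit distance; catches one- or two-character typosquats of a brand string."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reasons_for(domain):
    """Why a queried domain looks like an SVB lookalike; an empty list means no match."""
    reg = ".".join(domain.lower().strip(".").split(".")[-2:])  # www.svb.com -> svb.com
    if reg in ALLOWLIST:
        return []
    reasons = []
    for tok in [t for t in re.split(r"[-_0-9]+", reg.split(".")[0]) if t]:
        for brand in BRANDS:
            limit = 1 if len(brand) <= 4 else 2  # tighter bound for short brands
            if tok == brand:
                reasons.append(f"token:{brand}")
            elif levenshtein(tok, brand) <= limit:
                reasons.append(f"near:{brand}")
        reasons += [f"lure:{w}" for w in LURE_WORDS if tok == w]
    return reasons

def triage(log_lines):
    """Map each flagged domain in resolver log lines to the reasons it was flagged."""
    flagged = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and (why := reasons_for(m.group("domain"))):
            flagged[m.group("domain")] = why
    return flagged

SAMPLE_LOG = [  # constructed sample log lines, not real traffic
    "2023-03-13T10:02:11Z client=10.0.0.5 query=svb-usdc-payback.com",
    "2023-03-13T10:02:12Z client=10.0.0.7 query=siliconvaleybank.com",
    "2023-03-13T10:02:13Z client=10.0.0.9 query=www.svb.com",
    "2023-03-13T10:02:14Z client=10.0.0.9 query=example.org",
]
```

Running `triage(SAMPLE_LOG)` flags the two lookalikes and leaves the allowlisted bank domain and the unrelated domain alone.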

Emotet Distribution Returns After Three-Month Hiatus

The Emotet botnet resumed email distribution on March 7, 2023, replying to existing email chains with an attached ZIP file. The ZIP file is not password protected, uses finance and invoice themes, and contains a Microsoft Office document with macros. The macro downloads an Emotet DLL and executes it on the system (5).

Emotet's use of macros is likely to be less effective than in earlier campaigns. Microsoft's July 2022 update blocks macros in files downloaded from the internet, including email attachments, which makes it harder for users to execute them (6). The operators of this campaign may switch to a different method to deliver the Emotet payload, such as Microsoft OneNote documents or LNK files.
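Added example, not EclecticIQ's code: a Python check for email attachments matching the lure shape described above, an unencrypted ZIP that contains an Office document carrying macros. The constructed sample ZIP holds only a placeholder vbaProject.bin entry with no actual macro, and treating every legacy OLE document as macro-capable is an assumption made for the example.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office container (.doc/.xls)
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptm")

def office_has_macros(data):
    """OOXML packages store VBA as vbaProject.bin; legacy OLE files are flagged outright
    (assumption: every legacy binary document is treated as macro-capable)."""
    if data.startswith(OLE_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_attachment(filename, blob):
    """Findings for one attachment: an unencrypted ZIP holding a macro-bearing Office
    document matches the lure shape reported for the March 2023 Emotet emails."""
    result = {"filename": filename, "is_zip": False, "encrypted": False,
              "macro_docs": [], "suspicious": False}
    try:
        outer = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return result
    result["is_zip"] = True
    with outer:
        for info in outer.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag: encrypted entry
                result["encrypted"] = True
                continue
            if info.filename.lower().endswith(OFFICE_EXT) and office_has_macros(outer.read(info)):
                result["macro_docs"].append(info.filename)
    result["suspicious"] = not result["encrypted"] and bool(result["macro_docs"])
    return result

def build_sample_lure(with_macro=True):
    """Constructed stand-in for the lure: a ZIP holding a .docm whose OOXML package has a
    placeholder vbaProject.bin entry (no real macro); with_macro=False builds a benign .docx."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as d:
        d.writestr("[Content_Types].xml", "<Types/>")
        d.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            d.writestr("word/vbaProject.bin", b"placeholder-not-a-real-vba-stream")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_2023-03.docm" if with_macro else "Invoice_2023-03.docx", doc.getvalue())
    return outer.getvalue()
```

A mail gateway or detection pipeline would call `inspect_attachment` on each attachment and quarantine or alert on `suspicious` results; password-protected ZIPs are reported as `encrypted` so they can be routed to a separate review path.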

BatLoader Likely Being Distributed by Google Search Ads

The downloader BatLoader has been observed abusing Google Search Ads to deliver Vidar Stealer and Ursnif. Several websites registered in February 2023 impersonate multiple software products and brands, including ChatGPT, Zoom, Spotify, Tableau, and Adobe. The sites were used as download pages to deliver BatLoader and likely abused Google Search Ads to gain exposure to victims (7).

BatLoader is not the only malware family to have abused Google Search Ads recently. Since December 2022, IcedID has been observed abusing Google pay-per-click ads for distribution (8). Microsoft's lockdown of macros has pushed actors towards different distribution methods for delivering malware (6). With strong demand for stolen credentials and session tokens, actors are likely to continue abusing Google Search Ads in the short term.

About EclecticIQ Intelligence and Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cybersecurity and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

Please refer to our support page for guidance on how to access the feeds.

Appendix

  1. https://blog.cyble.com/2023/03/14/svb-collapse-triggers-heightened-cybersecurity-concerns/
  2. https://isc.sans.edu/diary/Incoming+Silicon+Valley+Bank+Related+Scams/29630/
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-099a
  4. https://www.reliaquest.com/blog/cyber-threats-to-the-fifa-world-cup-qatar-2022/
  5. https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
  6. https://learn.microsoft.com/en-gb/DeployOffice/security/internet-macros-blocked#block-macros-from-running-in-office-files-from-the-internet
  7. https://www.esentire.com/blog/batloader-continues-to-abuse-google-search-ads-to-deliver-vidar-stealer-and-ursnif
  8. https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html

© 2014 – 2023 EclecticIQ B.V.