Threat actors from the TA505 APT group are distributing malicious spam email campaigns carrying a new set of malware tools via attached malicious Word and Excel documents.
The TA505 hacking group is believed to operate from Russia, and its threat actors have been involved in various high-profile cyber attacks, including the infamous Dridex banking trojan, Locky ransomware, ServHelper malware, and FlawedAmmyy, all delivered through malicious email campaigns.
Researchers observed two malware tools in this campaign. The first, named Gelup, was uncovered on June 20 and mainly abuses User Account Control (UAC). Gelup also acts as a loader that helps other malware infect the targeted system, and it uses the same packer used by the FlawedAmmyy remote access trojan.
Another malware tool, called FlowerPippi, was found in the new campaign targeting users residing in Japan, India, and Argentina.