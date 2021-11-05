

A Review and Analysis of 2021 Buer Loader Campaigns

11/05/2021 | 08:08am EDT

In this blog entry and technical brief we review Buer Loader 2021 activity and campaigns. Buer Loader is known for entering the underground market at a pointedly competitive price in 2019. Now, it seems that Buer Loader has established itself well and remains actively used by threat actors.

Buer Loader 2021 Lures

Part of Buer Loader's service is to set up a domain to facilitate C&C. This helps researchers better monitor the campaigns involving Buer Loader, because multiple customers or threat actors would end up using the same C&C. Here we give an overview of the distinct aspects of the 2021 campaigns that used Buer Loader.

A campaign in April used emails pretending to be shipping notices from DHL that contained the new Buer Loader written in Rust. The attachments were either Word or Excel documents.

Figure 1. Example of a DHL themed email

The email seen in Figure 2 uses a combination of a DHL lure and Covid-19. It is designed to entice users to open the malicious attachment. It also bears a request to not reply to the mail and the common message "if you did not request registration with us, please ignore this email," which are likely additional attempts to reassure users of the content's legitimacy.

Figure 2. The DHL themed lure with a reference to Covid-19

Later campaigns shifted towards using Covid-19 entirely as a lure. Buer Loader was observed in spam runs which referenced vaccination uptake results, healthcare warnings, and current infection rates. Many of these spam runs do not make grammatical sense and should make most users suspicious, as seen in Figure 3.

Figure 3. The Covid-19 themed lure

Rust variant and signed XLL

As mentioned earlier, these campaigns all use the version of Buer Loader rewritten in the Rust programming language. Aside from being rewritten in Rust, the loader's code remained relatively unchanged, which could indicate that this is a ploy to render detections for its C version obsolete. Another interesting update is the use of signed XLL files, because the signing can mislead those tasked with defending the system.

While all these are noteworthy developments in Buer Loader, activity for this loader has been continuous since it was first released into the underground market. It has been used to deliver payloads like Ryuk, Wizard Spider, and Cobalt Strike beacon.

Our primary goal is to identify key changes in infrastructure, distribution methods, and the TTPs being used by Buer Loader campaigns. In our technical brief, we first review the notable events of the Buer Loader timeline before delving into its current activities and detections.

The technical brief can be found here.

Disclaimer

Trend Micro Inc. published this content on 05 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 05 November 2021 12:07:08 UTC.


© Publicnow 2021