Rubella Macro Builder Malware Kit
A new malware builder and loader has been observed distributing the Panda and Gootkit financial trojans. Rubella Macro Builder is sold on various dark web sites, offering technically unskilled attackers the ability to perform advanced attacks.
First offered for sale in late February for the relatively low price of $500 USD per month, the Rubella Macro Builder has since undergone various updates, additions, and pricing changes.
Malware generated by Rubella is typically delivered via malicious Microsoft Word or Excel attachments distributed in phishing campaigns, although additional modules can be purchased which allow for different infection vectors and file types.
As with the distribution mechanism, the delivered malware’s function and purpose are chosen beforehand by the attacker. Multiple encryption algorithms and execution methods are available.
URL’s To Block
http://www.senescence[.]info/download/Loader.exe [ Panda Banker Download URL ]
hxxps://I9I6m1w6[.]top [ Panda Banker Config Domain ]
hxxp://5.9.178[.]94/dIutBvNbct.exe [ Gootkit Banker Download URL ]
Affected Platforms
Microsoft Windows – All versions
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.