Weekly Intelligence Bulletin – Week 34

27. August 18

QuoScient’s Weekly Intelligence Bulletin for the week of 16 August – 23 August 2018 is now available for download in the Media Center! Find below a summary.


Vulnerabilities Researchers disclosed a critical remote code execution vulnerability (CVE-2018-11776) that exists in Apache Struts versions 2.3 through 2.3.34, Struts 2.5 through 2.5.16, as well as some unsupported versions. At the time of writing, QuoINT has not observed any exploitation activity in the wild, although a Proof of Concept (POC) code is available.

Current Threats Researchers discovered a malware campaign targeting customers of Mexican financial institutions, with a banking Trojan named Dark Tequila, in order to steal financial information and login credentials to popular websites.

Researchers uncovered a malspam campaign targeting banks that include an attachment, that when opened, leads to the download of the Remote Access Trojan known as FlawedAmmyy. The email attachment in the campaign is different from ones typically observed using Microsoft Office files to infect the victims’ system because it uses a Publisher file, rather than a Word or Excel document.

Researchers discovered a new malware called Marap after observing a phishing campaign targeting financial institutions globally, including, the U.S., Pakistan, and Germany.


The total market capitalization of the cryptocurrency market slightly increased by 4 percent. Although the capitalization spiked twice during the week, the DDoS attack on the exchange BitMEX, as well as the SEC rejecting several ETF applications might have hindered greater overall increases.

Venezuela’s President Maduro launched a new currency, backed by a cryptocurrency, to curb the country’s hyperinflation. Economists are sceptical if this will succeed in remedying Venezuela’s economic crisis.


Cyber operations which target the U.S. mid-term elections, taking place in November, are reportedly increasing. The Democratic National Committee reported an attempted cyberattack, while Microsoft took down domains which were reportedly set up to target the elections.

The diplomatic tensions between Tehran and Washington further escalated after Tehran threatened to target the U.S. and Israel, if Iran was “harmed”. This comes after the U.S. re-imposed sanctions on Iran.


30 August – Informal Meeting of E.U. Foreign Affairs Ministers