{
  "name": "Files with TXZ extension used as malspam attachments",
  "slug": "files-with-txz-extension-used-as-malspam-attachments",
  "description": "A recent report describes a malspam campaign distributing malware payloads in attachments with TXZ file extensions. The attachments were RAR archives with renamed extensions, likely attempting to exploit native TXZ support in Windows 11. Two campaigns distributed the payloads, one with GuLoader malware targeting Spain and Slovakia, the other with Formbook targeting Croatia and Czechia.",
  "published": "2024-05-28T08:59:03+00:00",
  "created_at": "2024-05-28T08:59:03+00:00",
  "modified_at": "2024-05-28T09:28:22+00:00",
  "created_at_opencti": "2024-05-28T08:59:03+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-28",
    "formbook",
    "guloader",
    "malspam"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "3f060b4039fdb7286558f55295064ef44435d30ed83e3cd2884831e6b256f542"
      },
      {
        "id": "",
        "name": "1ab5f558baf5523e460946ec4c257a696acb785f7cc1da82ca49ffce2149deb6"
      }
    ],
    "malware": [
      {
        "id": "cafe3417-bbcf-4b6c-aa87-c8ed210f357a",
        "name": "GuLoader - S0561",
        "slug": "guloader-s0561"
      },
      {
        "id": "legacy:malware:a81818615b7705ec",
        "name": "FormBook",
        "slug": "formbook"
      }
    ],
    "attack_patterns": [
      {
        "id": "d0f4867b-d7c4-4889-8626-29f915ec306c",
        "name": "T1598.002"
      },
      {
        "id": "ce39cd5d-9e4c-4138-b546-abd68e57f8c2",
        "name": "T1071.004"
      },
      {
        "id": "146a6f45-ec55-4d0e-a38c-1b614c3f72d2",
        "name": "T1193"
      },
      {
        "id": "52b92395-d3d3-4e05-976a-0fccccfce8d2",
        "name": "T1566.002"
      },
      {
        "id": "74d5f31c-5e2d-4aed-b8b9-4fabdde76dfa",
        "name": "T1598"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "804630c7-dda3-49df-9ac4-70bd1ad83e06",
        "name": "T1192"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Croatia"
      },
      {
        "id": "",
        "name": "Slovakia"
      },
      {
        "id": "",
        "name": "Czechia"
      },
      {
        "id": "",
        "name": "Spain"
      }
    ]
  },
  "external_refs": [
    "https://isc.sans.edu/diary/rss/30958",
    "https://otx.alienvault.com/pulse/6655b8f78c8020a11658112e"
  ]
}