INTELLIGENCE REPORT
Angola
Threat Intelligence Summary
• An organization in Angola is being attacked on average 2203 times per week in the last 6 months, compared to 1934 attacks per organization in Africa.
• The top malware in Angola is Phorpiex.
• The top malware list in Angola includes 2 Botnets, 2 Infostealers (Formbook, Qbot) and 1 Backdoor (Floxif).
• The most common vulnerability exploit type in Angola is Remote Code Execution, impacting 54% of the organizations.
• Weekly impacted organizations by malware types: [chart: weekly count of impacted organizations per malware type, 03-Apr-23 to 25-Sep-23, y-axis 0 to 3000]
Top Malware (% of impacted organizations, Angola / Africa)

Formbook (11.0% / 7.7%)
FormBook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.

Qbot (8.2% / 9.6%)
Qbot AKA Qakbot is a multipurpose malware that first appeared in 2008. It was designed to steal a user's credentials, record keystrokes, steal cookies from browsers, spy on banking activities, and deploy additional malware. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging, and anti-sandbox techniques to hinder analysis and evade detection. Commencing in 2022, it emerged as one of the most prevalent Trojans.

Floxif (6.8% / 3.9%)
Floxif is an info stealer and backdoor, designed for Windows OS. It was used in 2017 as part of a large-scale campaign in which attackers inserted Floxif (and Nyetya) into the free version of CCleaner (a cleanup utility), thus infecting more than 2 million users, amongst them large tech companies such as Google, Microsoft, Cisco, and Intel.

Glupteba (6.8% / 2.4%)
Known since 2011, Glupteba is a backdoor that gradually matured into a botnet. By 2019 it included a C&C address update mechanism through public BitCoin lists, an integral browser stealer capability and a router exploiter.
Top Malware in Africa (% of impacted organizations)

Qbot (9.6%): described above.

Formbook (7.7%): described above.

Fakeupdates (6.2%)
Fakeupdates (AKA SocGholish) is a downloader written in JavaScript. It writes the payloads to disk prior to launching them. Fakeupdates led to further compromise via many additional malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

Phorpiex (5.1%)
Phorpiex is a botnet (aka Trik) that has been active since 2010 and at its peak controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns as well as fueling large-scale spam and sextortion campaigns.

ChromeLoader (4.6%)
[Pie charts: country breakdown for Angola (United States, Brazil, Germany, Netherlands, Russia, Other) and for Africa (United States, South Africa, Netherlands, United Kingdom, Germany, Kenya, Other); the percentage labels could not be matched to their segments in the extracted text]
[Chart: attack vector split, Web / Email (one segment 72%, the other 28%)]

Top malicious file types (three distributions recovered from the chart; which belongs to Angola or Africa, Web or Email, is not indicated in the extracted text):
- exe 71%, xlam 8%, pdf 7%, rtf 5%, xls 5%, docx 2%, xlsx 1%, shtml 1%, vbs 1%, bat 1%
- exe 45%, sh 36%, dll 9%, pdf 9%, msi 1%
- exe 62%, sh 16%, pdf 9%, dll 4%, eot 4%, bin 1%, ima 1%, lnk 1%
Vulnerability exploit types (% of impacted organizations): Authentication Bypass 39% (Africa); remaining values not recoverable from the extracted text.

[Seven weekly trend charts, 03-Apr-23 to 25-Sep-23, of % impacted organizations (y-axis maxima between 10% and 40%); series labels and values are not present in the extracted text]
More Info:
https://research.checkpoint.com/