struggling to manage the spread of the viral disease now
known as COVID-19. In cyberspace, threat actors are

# COVID-19 using the topic of COVID-19 to their advantage with

numerous examples of malicious activity using COVID-19

## campaigns as lure documents in phishing campaigns.

#### Key/ Spoofed
**Threat Actor** **Delivery File Type** **Payload**
#### Phishing Stages Organisation

**Crimson RAT** **Ukraine**

**Ministry of**
**Health**

**XLS** **RAR**

**Indian**

**.NET Backdoor**

**Training**
**Company**

**Sandworm/**

##### Transparent Olympic Tribe Destroyer?

**US Centre for**

**Pterodo**

**Disease**
**Control**

**DOCX** **COVID-19** **ISO**

##### Gamaredon Themed Unknown
 Actor

### Emails

**Ministry of**

**Remcos RAT**

**Foreign Affairs**
**of Ukraine**

##### Mustang Operation

**Cobalt Strike** **Panda** **Lagtime** **Mongolian**
**Stager** **Ministry of**

**LNK** **DOC** **Health**

**Chinese** **Poison Ivy**
**News ArticleLanguage** **Stager** BAE Systems, Surrey Research Park,

Guildford, Surrey, GU2 7RQ, UK

#### Mitigations learn@baesystems.com

Remind individuals to refrain from opening emails and attachments baesystems.com/threatintel
from untrusted or unfamiliar sources.

twitter.com/baesystems_ai

If possible, block or monitor file types that are not normally needed for


-----