H-ISAC TLP White Indicator Sharing: Microsoft Teams Spearphishing - UserCentric.exe

In a report from Avanan, researchers identified a file used by threat actors to spearphish users in Microsoft Teams. Further investigation into malicious activity surrounding this file revealed several parent files and other malicious files related to activity. The indicators are from several pivots while conducting research to find information around UserCentric.exe.

Health-ISAC is sharing these IOCs to increase sector awareness. Organizations are encouraged to ingest these IOCs manually if no automatic ingestion systems are implemented. For Health-ISAC members who have implemented the Health-ISAC Indicator Threat Sharing (HITS) program, the IOCs related to this alert have been automatically imported into your environment.

For guidance on how to disable this alert category or share IOCs via the Health-ISAC Threat Intelligence Portal (HTIP), please visit the respective “How To” Knowledge Base articles “HTIP - Alert Categories” and “HTIP - Share Threat Intel" using the link below: 

https://health-isac.cyware.com/webapp/user/knowledge-base

Health-ISAC encourages members to share IOCs via the Health-ISAC Threat Intelligence Portal (HTIP) to take advantage of attributed or anonymous sharing across ISACs and other cybersecurity related entities.

View detailed report below.