2020-10-16 - TA551 (Shathak) Word docs push IcedID
2020-10-17 05:54:00 Author: www.malware-traffic-analysis.net

2020-10-16 - TA551 (SHATHAK) WORD DOCS PUSH ICEDID

ASSOCIATED FILES:

NOTES:

  • All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

IMAGES


Shown above:  Flow chart for today's infection chain.


Shown above:  Screenshot from one of the Word documents.


Shown above:  Traffic from an infection filtered in Wireshark.


Shown above:  Location of installer DLLs for today (different names, but the same .txt file extension and same directory).


Shown above:  PNG image with encoded data saved with .tmp file extension and used to create IcedID malware DLL.


Shown above:  Another PNG image with encoded data created after IcedID DLL from the \AppData\Local\Temp directory was run.


Shown above:  IcedID DLL made persistent on an infected Windows host.



Source: https://www.malware-traffic-analysis.net/2020/10/16/index.html