2020-11-24 - TA551 (Shathak) Word docs with English template push IcedID
2020-11-25 08:50:00 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:174 收藏
2020-11-25 08:50:00 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:174 收藏
2020-11-20 - TA551 (SHATHAK) WORD DOCS WITH ENGLISH TEMPALTE PUSH ICEDID
ASSOCIATED FILES
- 2020-11-24-TA551-IOCs-for-IcedID.txt.zip 2.4 kB (2433 bytes)
- 2020-11-24-TA551-IcedID-two-pcaps.zip 7.4 MB (7,415,006 bytes)
- 2020-11-24-TA551-IcedID-malware-and-artifacts.zip 2.9 MB (2,885,311 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
- Only found 4 Word docs submitted to VirusTotal from today's wave of TA551 malspam.
IMAGES
Shown above: Screenshot from one of the TA551 malspam.
Shown above: Traffic from the second infection run filtered in Wireshark.
Shown above: Artifacts seen from the second infection run.
Shown above: Scheduled task to keep the second infection persistent.
Click here to return to the main page.
文章来源: https://www.malware-traffic-analysis.net/2020/11/24/index.html
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh