Commit

Updated 2025-02-26-IOCs-for-XLoader-infection.txt
brad-duncan authored Feb 26, 2025
1 parent a2fde19 commit 67a1b2a
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2025-02-26-IOCs-for-XLoader-infection.txt
Expand Up @@ -4,6 +4,11 @@ AUTHOR:

- Bradley Duncan

REFERENCES:

- https://www.linkedin.com/posts/unit42_xloader-formbook-malspam-activity-7300644313238016000-5EnT/
- https://x.com/Unit42_Intel/status/1894878695916970061

INFECTION CHAIN:

- email --> attached PDF --> link to zip archive --> zip contains legitimate EXE that side-loads malware DLL for XLoader
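
Review bot: The two entries added under REFERENCES: are bare social-media URLs with nothing to say what each one points to; add a short label or post date beside each (for example "Unit 42 post on LinkedIn, XLoader/Formbook malspam") so the reference stays useful if either link stops resolving. Keeping these two links clickable while the C2 domains further down stay defanged with [.] is the right split and worth preserving in later edits.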
Expand Down Expand Up @@ -82,4 +87,4 @@ XLOADER C2 DOMAINS ACTIVE DURING A LIVE TEST RUN OF THE MALWARE:
- www.maceoconsultores[.]net
- www.superhoroz[.]xyz
- www.tokosayur[.]shop
- www.yusufzdemir[.]xyz
- www.yusufzdemir[.]xyz
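
Review bot: The last line, www.yusufzdemir[.]xyz, is removed and re-added with identical visible text, so the only difference is whitespace or the end-of-file newline. Confirm that this is intended, and that the file now ends with a single newline and no trailing spaces after the domain, since tooling that ingests this list line by line can fail to match on stray whitespace.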
