Commit

Updated 2024-03-14-IOCs-from-malware-possibly-targeting-Spain.txt
brad-duncan authored Mar 14, 2024
1 parent 40797e5 commit bed14d0
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2024-03-14-IOCs-from-malware-possibly-targeting-Spain.txt
@@ -1,5 +1,10 @@
2024-03-14 (THURSDAY): ONGOING CAMPAIGN POSSIBLY TARGETING SPANISH CITIZENS

REFERENCES:

- https://www.linkedin.com/posts/unit42_asyncrat-xworm-xrat-activity-7174172958414802944-YI3c
- https://twitter.com/Unit42_Intel/status/1768408063621345565

INFECTION CHAIN:

- Dropbox URL --> zip --> .url file in zip --> retrieves .lnk file via HTTPS WebDAV traffic -->
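Review bot: the two entries under REFERENCES are bare social-media URLs with no label or date, so a reader of the text file alone cannot tell what each link covers or whether they point to the same post. The LinkedIn slug mentions asyncrat, xworm and xrat, none of which appear in the title or the visible infection chain line; consider adding a one-line description per link (source and subject) so the connection to this campaign is stated in the file and survives if either link stops resolving.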
Expand Down Expand Up @@ -38,4 +43,4 @@ SHA256 HASH FOR WINDOWS SHORTCUT (.LNK FILE) FROM INITIAL WEBDAV TRAFFIC:

SHA2256 HASH FOR MALWARE INSTALLATION SCRIPT:

- 505b3b5420679bdb032c08f20c93ed1a050ec316f9f0cf3586a5f461910f629e - file.bat
- 505b3b5420679bdb032c08f20c93ed1a050ec316f9f0cf3586a5f461910f629e - file.bat
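Review bot: the context heading directly above the changed line reads "SHA2256 HASH FOR MALWARE INSTALLATION SCRIPT:", while the section named in the hunk header uses "SHA256"; since this hunk already touches the line under it, correct the heading to "SHA256" in the same change so that searches on the algorithm name match every hash section. The removed and added file.bat lines are identical as shown, which suggests a whitespace or end-of-file newline change only; saying so in the commit message would make that explicit for anyone diffing the indicator list.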
