ITALIAN MALSPAM PUSHING ZEUS PANDA BANKER

ASSOCIATED FILES:

  • Saz file of the Fiddler capture:  2017-11-21-Zeus-Panda-Banker-malspam-traffic.saz   949 kB (949,484 bytes)
  • Zip archive of the pcap:  2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap.zip   1.2 MB (1,173,362 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap   (1,257,005 bytes)
  • Zip archive of the malware:  2017-11-21-Zeus-Panda-Banker-malspam-and-artifacts.zip   445 kB (444,558 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0900-UTC.eml   (95,849 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0902-UTC.eml   (94,621 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0927-UTC.eml   (95,940 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-1229-UTC.eml   (100,150 bytes)
  • 65829_[removed].xls   (68,608 bytes)
  • SecurityPreloadState.exe   (333,312 bytes)
  • [removed]-3499.xls   (72,192 bytes)


NOTES:

  • This is mostly HTTPS traffic, so I’ve included a Fiddler capture (.saz file) for the HTTPS URLs.
  • Email --> attached Excel spreadsheet --> enable macros --> downloads Zeus Panda Banker


WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains:

  • scaricapag.win
  • 89D9B687AC98.site
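The infection chain in the notes (email with an Excel attachment that, once macros are enabled, downloads the banker) and the two domains above suggest two quick triage checks a defender can script: list the attachments in an .eml and flag Office documents that could carry macros, and match observed hostnames against the block list so subdomains are caught as well. The script below is an added example, not code from the original post or from malware-traffic-analysis.net; the embedded message is constructed for illustration and is not one of the .eml files listed above, and the attachment name and sender/recipient addresses are made up. It uses only the Python standard library.

```python
"""Triage helpers for macro-laden mail attachments and block-list matching (constructed example)."""
import email
from email import policy

# Domains the post suggests blocking; matched on the name itself and on any subdomain.
BLOCKED_DOMAINS = {"scaricapag.win", "89d9b687ac98.site"}

# Office formats that can carry VBA macros. Legacy .xls/.doc files are OLE2 compound
# documents, so the OLE2 magic is checked too in case the extension has been changed.
OFFICE_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".xlt", ".doc", ".docm", ".dot")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def extract_attachments(raw_eml: bytes) -> list:
    """Return one dict per attachment: filename, declared type, decoded size, OLE2 flag."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        payload = part.get_content()          # transfer encoding (base64 etc.) already undone
        if isinstance(payload, str):          # text/* attachments come back as str
            payload = payload.encode("utf-8", "replace")
        found.append({
            "filename": part.get_filename() or "",
            "content_type": part.get_content_type(),
            "size": len(payload),
            "is_ole2": payload.startswith(OLE2_MAGIC),
        })
    return found


def flag_office_attachments(raw_eml: bytes) -> list:
    """Filenames of attachments that are Office documents by extension or by OLE2 magic."""
    return [
        a["filename"]
        for a in extract_attachments(raw_eml)
        if a["filename"].lower().endswith(OFFICE_EXTENSIONS) or a["is_ole2"]
    ]


def is_blocked(host: str, blocklist=BLOCKED_DOMAINS) -> bool:
    """True if host equals a blocked domain or is a subdomain of one (case-insensitive)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in blocklist)


def check_hosts(hosts, blocklist=BLOCKED_DOMAINS) -> list:
    """Return the subset of hosts (e.g. from DNS or proxy logs) that match the block list."""
    return [h for h in hosts if is_blocked(h, blocklist)]


# Constructed sample message: a base64 body holding just the 8-byte OLE2 header,
# standing in for a macro-carrying .xls. Addresses and filename are made up.
SAMPLE_EML = b"""From: billing@example.invalid
To: victim@example.invalid
Subject: Fattura
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

In allegato la fattura.
--b1
Content-Type: application/vnd.ms-excel; name="sample_invoice.xls"
Content-Disposition: attachment; filename="sample_invoice.xls"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--b1--
"""

# Constructed hostnames as they might appear in a DNS or proxy log.
SAMPLE_HOSTS = ["www.scaricapag.win", "notscaricapag.win", "89D9B687AC98.site", "example.invalid"]

if __name__ == "__main__":
    for a in extract_attachments(SAMPLE_EML):
        print(a)
    print("Office attachments:", flag_office_attachments(SAMPLE_EML))
    print("Blocked hosts:", check_hosts(SAMPLE_HOSTS))
```

Point `extract_attachments` at the bytes of a real .eml to list its attachments; the OLE2 magic check catches legacy Office containers even when the extension was renamed, while `is_blocked` requires a label boundary so that `notscaricapag.win` is not matched by `scaricapag.win`.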

To read the original article:

http://malware-traffic-analysis.net/2017/11/21/index3.html
