ASSOCIATED FILES:
- Saz file of the Fiddler capture: 2017-11-21-Zeus-Panda-Banker-malspam-traffic.saz 949 kB (949,484 bytes)
- Zip archive of the pcap: 2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap.zip 1.2 MB (1,173,362 bytes)
- 2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap (1,257,005 bytes)
- Zip archive of the malware: 2017-11-21-Zeus-Panda-Banker-malspam-and-artifacts.zip 445 kB (444,558 bytes)
- 2017-11-21-Zeus-Panda-Banker-malspam-0900-UTC.eml (95,849 bytes)
- 2017-11-21-Zeus-Panda-Banker-malspam-0902-UTC.eml (94,621 bytes)
- 2017-11-21-Zeus-Panda-Banker-malspam-0927-UTC.eml (95,940 bytes)
- 2017-11-21-Zeus-Panda-Banker-malspam-1229-UTC.eml (100,150 bytes)
- 65829_[removed].xls (68,608 bytes)
- SecurityPreloadState.exe (333,312 bytes)
- [removed]-3499.xls (72,192 bytes)
NOTES:
- This is mostly HTTPS traffic, so I’ve included a Fiddler capture (.saz file) for the HTTPS URLs.
- Email -> attached Excel spreadsheet -> enable macros -> downloads Zeus Panda Banker
WEB TRAFFIC BLOCK LIST
Indicators are not a block list. If you feel the need to block web traffic, I suggest the following domains:
- scaricapag.win
- 89D9B687AC98.site
To read the original article:
http://malware-traffic-analysis.net/2017/11/21/index3.html