ITALIAN MALSPAM PUSHING ZEUS PANDA BANKER


ASSOCIATED FILES:

  • Saz file of the Fiddler capture:  2017-11-21-Zeus-Panda-Banker-malspam-traffic.saz   949 kB (949,484 bytes)
  • Zip archive of the pcap:  2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap.zip   1.2 MB (1,173,362 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-traffic.pcap   (1,257,005 bytes)
  • Zip archive of the malware:  2017-11-21-Zeus-Panda-Banker-malspam-and-artifacts.zip   445 kB (444,558 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0900-UTC.eml   (95,849 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0902-UTC.eml   (94,621 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-0927-UTC.eml   (95,940 bytes)
  • 2017-11-21-Zeus-Panda-Banker-malspam-1229-UTC.eml   (100,150 bytes)
  • 65829_[removed].xls   (68,608 bytes)
  • SecurityPreloadState.exe   (333,312 bytes)
  • [removed]-3499.xls   (72,192 bytes)

 

NOTES:

  • This is mostly HTTPS traffic, so I’ve included a Fiddler capture (.saz file) for the HTTPS URLs.
  • Email -> attached Excel spreadsheet -> enable macros -> downloads Zeus Panda Banker

 

WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains:

  • scaricapag.win
  • 89D9B687AC98.site

To read the original article:

http://malware-traffic-analysis.net/2017/11/21/index3.html
