2018-08-16 - EMOTET INFECTIONS WITH ZEUS PANDA BANKER ON 2018-08-15 & 2018-08-16

ASSOCIATED FILES:

NOTES:


Shown above:  Flow chart of a typical Emotet malspam infection.


WEB TRAFFIC BLOCK LIST

The indicators on this page are for detection and investigation, not a block list.  If you feel the need to block web traffic, I suggest blocking the following domains and URLs instead:


DATA FROM 9 MALSPAM EXAMPLES


Shown above:  An example of Emotet malspam from Tuesday 2018-08-14.



Shown above:  An example of Emotet malspam from Thursday 2018-08-16.


DATA FROM THE EMAILS:



Shown above:  Malicious Word doc downloaded from a link in the malspam on Wednesday 2018-08-15.



Shown above:  Malicious Word doc downloaded from a link in the malspam on Thursday 2018-08-16.


TRAFFIC


Shown above:  Traffic from an infection on Wednesday 2018-08-15 filtered in Wireshark.



Shown above:  Traffic from an infection on Thursday 2018-08-16 filtered in Wireshark.


INFECTION TRAFFIC FROM WEDNESDAY 2018-08-15:


INFECTION TRAFFIC FROM THURSDAY 2018-08-16:


FILE HASHES

MALWARE FROM THE INFECTED WINDOWS HOSTS:


MALICIOUS WORD DOCS FROM LINKS IN THE EMAILS:


FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
