2021-09-17 (FRIDAY) - SQUIRRELWAFFLE LOADER WITH COBALT STRIKE

ASSOCIATED FILES:

 

NOTES:

 

IMAGES


Shown above:  Link for malicious zip archive from an email pushing Squirrelwaffle loader.

 


Shown above:  Word doc extracted from downloaded zip archive.

 


Shown above:  Squirrelwaffle artifacts from an infected Windows host.

 


Shown above:  Traffic from a Squirrelwaffle loader infection filtered in Wireshark.

 


Shown above:  Windows EXE for Cobalt Strike seen as follow-up malware.

 


Shown above:  Traffic filtered in Wireshark showing when Cobalt Strike activity started.

 

Click here to return to the main page.