2021-09-20 (MONDAY) - SQUIRRELWAFFLE LOADER WITH COBALT STRIKE
- 2021-09-20-IOCs-for-Squirrelwaffle-Loader-with-Cobalt-Strike.txt.zip   2.0 kB   (1,973 bytes)
- 2021-09-20-Squirrelwaffle-Loader-with-Cobalt-Strike.pcap.zip   7.7 MB   (7,661,556 bytes)
- 2021-09-20-Squirrelwaffle-Loader-and-Cobalt-Strike-malware-and-artifacts.zip   1.2 MB   (1,223,030 bytes)
- I was originally tipped off to this activity from this tweet sent by @ffforward.
- Based on that info, I captured an infection and pushed out the IOCs through @Unit42_Intel in this tweet.
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Screenshot of tweet from @ffforward.
Shown above: Screenshot of tweet from @Unit42_Intel.
Shown above: Flow chart from the @Unit42_Intel tweet.
Shown above: Using link from @ffforward's tweet to download the initial zip archive.
Shown above: Downloaded zip archive and extracted Excel file.
Shown above: Traffic from the infection filtered in Wireshark.