2021-09-21 (TUESDAY) - BRAZIL - CURRÍCULO (RESUME) THEMED MALSPAM
- 2021-09-21-Curriculo-IOCs.txt.zip   1.4 kB   (1,391 bytes)
- 2021-09-21-Curriculo.eml.zip   1.8 kB   (1,756 bytes)
- 2021-09-21-Curriculo.pcap.zip   11.1 MB   (11,170,798 bytes)
- 2021-09-21-Curriculo-malware.zip   11.6 MB   (11,578,941 bytes)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Screenshot of the email.
Shown above: Downloading zip archive after clicking link in email.
Shown above: MSI file from downloaded zip archive.
Shown above: MSI file pulls zip archive from 35.183.116[.]253 to install malware here.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: HTTP stream for traffic to Amazon AWS server (part 1 of 3).
Shown above: HTTP stream for traffic to Amazon AWS server (part 2 of 3).
Shown above: HTTP stream for traffic to Amazon AWS server (part 3 of 3).
Shown above: Malicious zip archive from 35.183.116[.]253.
Shown above: Possible C2 traffic from infected Windows host.
Click here to return to the main page.