Jazi · @h2jazi
110 followers · 5 posts · Server infosec.exchange


The email pretends to be a letter about a meeting between the Consul General of the Republic of Kazakhstan and the Ministry of Foreign Relations of the Astrakhan region.

- The email contains a vhdx attachment.
- The attachment contains a lnk and an archive file (decoy pdf).
- The lnk downloads the AveMaria payload using curl and executes it.

Тезисы.pdf.vhdx
56d1e9d11a8752e1c06e542e78e9c3e4

Download url:
http://45.61.137.32/www.exe


2300a4eb4bf1216506900e6040820843

C2:
hbfyewtuvfbhsbdjhjwebfy[.]net
193.188.20.163

#avemariarat

Last updated 2 years ago

ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online

Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs - By Asheer Malhotra, Vanja Svajcer and Justin Thattil.

Cisco Talos is tracking a c... feedproxy.google.com/~r/feedbu

#rat #apt #maldoc #securex #netwire #malware #warzonerat #avemariarat

Last updated 3 years ago