Tony Lambert · @ForensicITGuy
119 followers · 44 posts · Server infosec.exchangeNew blog post! In this one I look at a downloader that executes #OriginLogger documented by Unit42 and @malware_traffic. Lots of .NET code in this one. https://forensicitguy.github.io/net-downloader-originlogger/
Brad · @malware_traffic
2094 followers · 84 posts · Server infosec.exchange
I forgot #AgentTesla apparently stopped a while back, and one of the new Agent Tesla variants is called #OriginLogger.
I wrote a Unit42 tweet about this traffic, now posted at: https://twitter.com/Unit42_Intel/status/1611379660029366273
#pcap of the infection traffic, sanitized copy of the email, associated malware, and IOCs are now available at: https://www.malware-traffic-analysis.net/2023/01/05/index.html
#agenttesla #originlogger #pcap