2018-04-18 - ITALIAN INVOICE (FATTURA) MALSPAM PUSHES ZEUS PANDA BANKER

ASSOCIATED FILES:

  • 2018-04-18-Fattura-malspam-1228-UTC.eml   (86,814 bytes)
  • 2018-04-18-Fattura-malspam-1232-UTC.eml   (87,042 bytes)
  • 2018-04-18-Fattura-malspam-pushes-Zeus-Panda-Banker-infection-traffic.pcap   (2,696,677 bytes)
  • 2018-04-18-Zeus-Panda-Banker-caused-by-Fattura-malspam.exe   (225,792 bytes)
  • Fatture_582_2018.xls   (61,440 bytes)
  • Fatture_813_2018.xls   (61,440 bytes)

 

WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains:

 

EMAILS


Shown above:  Screenshot from one of the emails (1 of 2).

 


Shown above:  Screenshot from one of the emails (2 of 2).

 

EMAIL HEADERS:

 


Shown above:  Malicious Excel spreadsheet attached to the malspam.

 

TRAFFIC


Shown above:  Traffic from an infection filtered in Wireshark.

 

NETWORK TRAFFIC FROM AN INFECTED LAB HOST:

 

FILE HASHES

EMAIL ATTACHMENTS:

MALWARE RETRIEVED FROM AN INFECTED WINDOWS HOST:

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
