2023-02-07 (TUESDAY) - ONENOTE FILE PUSHES UNIDENTIFIED MALWARE
REFERENCE:
- I originally thought this was Matanbuchus, but it appears to be a new malware family.
- Initial tweet: https://twitter.com/Unit42_Intel/status/1623349272061136900
NOTES:
- Zip files are password-protected. If you don't know the password, see the "about" page of this website.
ASSOCIATED FILES:
- 2023-02-07-IOCs-for-unidentified-malware.txt.zip 1.9 kB (1,874 bytes)
- 2023-02-07-malspam-for-unidentified-malware-1158-UTC.eml.zip 104.3 kB (104,309 bytes)
- 2023-02-07-artifacts-from-unidentified-malware.zip 2.1 MB (2,144,039 bytes)
- 2023-02-07-traffic-from-unidentified-malware-infection.pcap.zip 20.8 MB (20,824,259 bytes)
IMAGES UPDATED FROM THE INITIAL TWEET
- Image (flowchart): Updated flowchart (unidentified malware instead of probable Matanbuchus).
- Image (email): Updated email image (removed references to Matanbuchus).
- Image (forensics): Updated forensic image (removed references to Matanbuchus).
- Image (Wireshark): Updated Wireshark image (removed references to Matanbuchus).