2024-06-17 (MONDAY): GOOGLE AD --> FAKE UNCLAIMED FUNDS SITE --> MATANBUCHUS WITH DANABOT

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_malvertising-matanbuchus-danabot-activity-7208934021207113728-Tc05
• https://x.com/Unit42_Intel/status/1803168396755820812

ASSOCIATED FILES:

• 2024-06-17-IOCs-from-Matanbuchus-infection-with-Danabot.txt.zip   2.4 kB   (2,428 bytes)
• 2024-06-17-Matanbuchus-infection-with-Danbot-traffic.pcap.zip   36.8 MB   (36,823,323 bytes)
• 2024-06-17-malware-and-artifacts-from-the-infection.zip   15.2 MB   (15,186,956 bytes)

 

Click here to return to the main page.