2017-01-25 Hancitor/Pony/zloader Malspam

In this post I was able to investigate a Hancitor/Pony/zloader malspam message. Looking around for some more information about this infection, I was able to find the following links:

- Brad's SANS ISC Blog post talking about this exact malspam: https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
- Hybrid Analysis' report for another example of this…


2017-01-23 Dridex Malware from Malspam

Here is an example of some Dridex malspam that I was able to analyze yesterday. As usual, the artifacts and such can be found in my GitHub repo found here.

IOCs:
=====

- relish.net / 81.91.205.168 (Port 443)
- www1.relish.net / 81.91.205.167 (Port 443)
- u4593764.ct.sendgrid.net / 167.89.125.30
- agfirstnz-my.sharepoint.com, prodnet329-325selectora0000.sharepointonline.com.akadns.net / 104.146.164.65…
