2019-01-03 Adwind RAT/Houdini Malspam

**2019-01-07** After talking with some researchers about this malware via this Twitter thread, the JAR file is only the delivery mechanism for the VB script inside it. Once the JAR file has been unpacked and the VB script executed, the traffic sent to 31.171.152.106:2522 is related to the Adwind RAT. The VB script and the data POSTed to ‘goz.unknowncrypter.com’ are related to Houdini. This post stems from looking at some malspam from yesterday that had a JAR file as an attachment. I also posted some of the information over on Twitter yesterday. To see that thread click here. Based on…
