someone trying the .vhd attachment in the wild.
cc @wdormann @Jan0fficial
35 VT score exe
https://twitter.com/InvertedLina/status/1186673012994691073 …
1-ish VT score dynamically-sized .vhd
https://www.virustotal.com/gui/file/ae554ee6d9cae636f8e887b41f61743af8804d95051775a8e4a4ec9b8bd27cbe/detection …
-
wondering if ta505
2 replies 0 retweets 2 likes -
I don't think so. Look here: https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader … Then it seems too simple for somebody like Ta505 group :-)
1 reply 0 retweets 0 likes -
just wondering. some of the legit, nonmalware domain lookups were kinda familiar.
1 reply 0 retweets 0 likes -
well.. the chance that anyone would first extract the .VHD file and then mount it and execute what's inside, all manually, is pretty small
2 replies 0 retweets 1 like
Indeed, it's not very clever. Aside from bypassing AV detection on the wire.
4:19 AM - 23 Oct 2019
0 replies
0 retweets
1 like