CyberThreatIntel/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md

Analysis of the new TA505 campaign

Table of Contents

• Malware analysis
  • 86ccedaa93743e83787f53e09e376713.docx
• Cyber Threat Intel
  • Opendir analysis
  • Victimology
• Indicators Of Compromise (IOC)
• References MITRE ATT&CK Matrix
• Links
  • Original Tweet
  • Link Anyrun
  • Documents

Malware analysis

86ccedaa93743e83787f53e09e376713.docx

The first sample

Cyber kill chain

The process graphs resume all the cyber kill chains used by the attacker.

References MITRE ATT&CK Matrix

List of all the references with MITRE ATT&CK Matrix

Enterprise tactics	Technics used	Ref URL

Indicators Of Compromise (IOC)

List of all the Indicators Of Compromise (IOC)

Indicator	Description
	Domain requested
	IP requested
	HTTP/HTTPS requests
	Domain C2
	IP C2

This can be exported as JSON format Export in JSON

Links

Original tweet:

• https://twitter.com/James_inthe_box/status/1179077549302829056
• https://twitter.com/KorbenD_Intel/status/1179858006584037377
• https://twitter.com/58_158_177_102/status/1177498806016823296
• https://twitter.com/James_inthe_box/status/1174729932045316096

Links Anyrun:

Samples :

• Letter 7711.xls
• REP 7072.xls
• r55.exe

Documents: