ModernLoader to Truebot via PNG
Malware Analysis, News and Indicators - Latest topics malware.news
While perusing VT, I found a new C2 domain for TrueBot.
I have compiled a list of IOCs denoting the infection chain and some notes related to it.
It starts with some JavaScript files. 4 of them have been identified, all ultimately pointing to the same TrueBot C2.
At the time of writing, they all had low detection on VT, with 2 out of 59 engines flagging them as malicious.
MD5
71e7a2549311647a6178b84393700bf8
4c75c5f63418b48ede30c16b079f324a
3c57867dc4bdeb8a7d55dfb7d8ef5008
287b172c23da5426cf039ef55d959fbd
As per comment from @thor_scanner …