PULSE NAME
ZEUS DELIVERED BY DELOADER TO DEFRAUD CUSTOMERS OF CANADIAN BANKS
WHITE AlienVault 2016-09-22 Modified: 2017-07-25
MEDIUM VOLUME
Throughout September 2016 we have observed an actor sending malware to Canadian nationals by e-mail. Upon investigation we have determined the malware payload to be DELoader, which downloads a Zeus variant banking trojan upon execution.
Indicators of Compromise (14)