I am not completely sure what we have got here today. An email with the subject of Packing List and LPO coming from Jidapa Dongbang <[email protected]> with a link to download a rar file from a OneDrive address. I am being told it is possibly a new Netwire RAT, although existing YARA detections are not firing off on it. There are some known Netwire strings in running memory. Update: a revised Anyrun does confirm Netwire. It looks like the C2 was down on the original run, but is live now. Probably we were too quick for them & they …
Article Link: https://myonlinesecurity.co.uk/fake-packing-list-and-lpo-delivers-malware-via-onedrive/